3rd Party Risk Management , Events , Governance & Risk Management
CISO Notebook: Third-Party Risk
Cris Ewell of UW Medicine on Managing Vendor RisksWhere is the data, who has access to it, and how is it being secured? These are among the top questions inherent in any third-party risk program. Cris Ewell, CISO of UW Medicine, shares insight from his experience managing vendor risk.
See Also: OnDemand | Secure Your Vendor's Access from Attacks on Third-party Vulnerabilities
In a video interview at Information Security Media Group's recent Fraud and Breach Summit in Seattle, Ewell discusses:
- His organization’s top third-party risks;
- Basic elements of an effective third-party risk program;
- Best practices for controlling third- and fourth-party risks.
Ewell, PhD, is CISO at University of Washington Medicine. Previously, he was CISO of Seattle Children's Hospital. Before that, he served as the director of information security operations at the University of Washington, chief security officer for PEMCO Corp. and chief technology officer for Breakwater Security.