论文部分内容阅读
1、忘记评估第三方风险大多数IT风险专家都认为,现在大部分企业都没有评估供应商和其他合作伙伴的基础设施的风险,而这些基础设施通常会触及企业最敏感的的数据。咨询公司SystemExperts公司副总裁Brad Johnson表示,“很多企业做得不够的方面是管理与第三方供应商的关系。当企业没有真正进行其尽职调查(无论是在签订合同之前还是之后),他们势必将错过关键的细节信息,这将提高风险。举例来说,客户公司可能不知道其供应
Forgetting Third Party Risks Most IT risk experts agree that most businesses today do not assess the risks to the infrastructure of suppliers and other partners that often touch the data that is most sensitive to the business. Brad Johnson, vice president of consultancy SystemExperts, said: ”Many businesses do not do enough to manage relationships with third-party suppliers, and when companies do not actually conduct their due diligence, either before or after signing the contract, they are bound to Will miss key details and this will increase the risk.For example, the client company may not know its supply