Third-party risk management: Strategy to mitigate ‘on-premise’ and ‘cloud’ cyber security risks
Moh Cissé
Moh Cissé: CEO, M6C StrategIT, Canada
Cyber Security: A Peer-Reviewed Journal, 2019, vol. 3, issue 2, 103-115
Abstract:
This paper will attempt to exhaustively identify third-party partnership risks and describe requirements applicable to this relationship in the IT security business context. These entities have, either long-term or for an ad hoc period, occasional access to premises, infrastructures and/or data belonging to this organisation. These physical and logical accesses are a source of risk that all organisations should work to mitigate and avoid the materialisation of related threats and impacts that could jeopardise the achievement of their business objectives. Third-party risk management is the set of risk management practices and processes that adequately mitigate the risks inherent to the relationships between the company and its partners. These partners are identified by the designation of ‘third parties’. The mitigation of risks will be considered convenient if it ensures information assets security and compliance with legal and regulatory requirements and security requirements policies and guidelines. Mitigating these risks requires a different strategy depending on the type of business relationship and the nature of the service. The strategy applied to services delivered by a partner during an ‘on-site’ or ‘on-premise’ relationship has features that are not applicable to cloud-based services. The increasing attraction for cloud services — even for companies considered historically as refractory — requires particular attention to risks associated with this new reality of services. In North America (Canada and US) the use of cloud computing is becoming increasingly important in the public sector (such as government, hospitals) and the private sector operating in sensitive environments (such as ICS/SCADA networks). This paper, which is intended to be a practical tool for developing an IT risk management strategy with third parties, is applicable specifically in technology environments for both on-premises and cloud deployment. It applies to risks related to technological components in multi-client environments as well as dedicated service to specific customers.
Keywords: TPRM; risk; third party; cloud (XaaS; MaaS; PaaS; CaaS; SaaS; IaaS); advanced metering infrastructure (AMI); ICS/SCADA; human–machine interface (HMI); programmable logic controllers (PLC); remote telemetry units (RTU); ISO 27001; SOC2
JEL-codes: M15
Date: 2019
Downloads:
https://hstalks.com/article/5316/download/ (application/pdf)
https://hstalks.com/article/5316/ (text/html)
Requires a paid subscription for full access.
Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2019:v:3:i:2:p:103-115