It's an amazing number: twenty-five percent of Denver residents receive healthcare through Denver Health.
That means Randall Frietzsche, CISO and Privacy Officer of the organization, has an incredible amount of very personal and private data he’s in charge of securing.
A key piece of the cybersecurity strategy at Denver Health involves limiting third-party risk.
That's why he'll be speaking on "Maturity in Third-Party Risk Management" at SecureWorld Denver on November 2, 2017.
"I will discuss ways we can mature our programs to maximize the value of our analysts, maximize the time we have between conducting that risk analysis without being a roadblock for the business and still deliver competent and accurate results."
Randall has an incredible amount of experience in this area of InfoSec.
Formerly, he was at Catholic Health Initiatives, which has hospitals in 15 states and has a complex vendor management process he helped to mature.
Third-Party risk continues to grow
As the flight to the cloud continues to grow, so do areas of third-party risk.
Says Randall, "Risk around cloud or SaaS solutions has greatly increased because you are often dealing directly with a SaaS solution or the vendor uses another downstream vendor SaaS solution as part of their product. And certainly, if a hosting provider like AWS is involved, there are many questions that should be addressed."
How do you address these questions and what can you expect to learn in his Denver session? Let's put it this way: bring your laptop. There will be a lot of takeaways.
What to expect from the third-party risk session
"I want to have attendees walk away with ideas and tips based on real-world experience of growing and maturing 3rd party risk management in today's reality, where we use vendors to outsource much of our business. We have to be able to assess and address any IT risks, as well as ensure that we're able to do so effectively with minimal staff,” he says.
“I'll discuss ways that I've been able to reduce the overhead in the process so that the risk analysts are focused mostly on doing the analysis, capturing and quantifying the risks, and following through on remediations, and not paperwork. While paperwork is a critical component of documenting risk assessments, it should not consume the analyst."
His session is part of a timely and relevant 2-day agenda at the SecureWorld Denver cybersecurity conference.
You can also explore attendee options and register here for a powerful day of takeaways that will help you secure your organization.