How to Master Third Party Cybersecurity Reviews: Practical Steps for Financial Institutions
Author: Rivial Data Security
Uploaded: 2026-03-06
Views: 5
Description:
In this comprehensive webinar, Lucas Hathaway, CRO @ Rivial Security, walks you through the entire lifecycle of third-party risk management for financial institutions, from onboarding new vendors to performing deep-dive cybersecurity reviews and meeting examiner requirements (NCUA, FDIC). Learn practical tips on vendor classification, control review best practices, complementary user entity controls (CUECs), incident response, and more. He shares real-world breach examples and actionable resources, and demonstrates how to streamline vendor security assessments using AI. Perfect for security leaders, vendor managers, and anyone looking to uplift their vendor risk management game!
Timestamps:
00:00 – Introduction and Webinar Overview
02:00 – The Challenges of Proper Vendor Due Diligence
03:30 – Why Vendor Security Matters: Breaches & Regulatory Landscape
06:30 – Third Party Proliferation, Cloud, and AI Risks
08:15 – Real Breach Examples: MOVEit, Trellis, CUSO
09:10 – Vendor Security Reviews: The 8 Key Elements
11:27 – Vendor Onboarding: Challenges & Best Practices
14:54 – Shadow IT and Training Business Users
15:38 – Simple Vendor Classification: Tiers Explained
19:30 – Vendor Questionnaires: Dos and Don’ts
21:41 – How to Perform In-Depth Control Reviews
25:02 – Framework Alignment: Apply NIST/CIS to Vendor Assessments
27:13 – Gathering Evidence: SOC Reports, Policies, Audits
29:58 – Real Example: Mapping Controls in SOC Reports
32:16 – Risk Treatment: Decision, Documentation, and Follow-Up
34:36 – CUECs: Complementary User Entity Controls Explained
39:46 – Tracking Fourth Party Vendors
46:44 – Ongoing Testing, Monitoring, and Recertification
48:50 – Incident Response: Breach Notification and Playbooks
51:39 – Resources, Templates, and AI Tools
53:23 – Live Demo: Automating Vendor Reviews with AI
56:41 – Getting Buy-In and Building Security Culture
59:33 – Final Q&A and Wrap-Up