David Rosenthal's webinar was titled "Vendor Cyber Risk Management". As one of the leading Swiss experts in data and technology regulation, he has profound expertise in vendor cyber risk management. We were delighted to welcome around 100 participants to the webinar, and together we discussed many engaging questions.
In his presentation, David Rosenthal shared his practical experience on the following questions: What are the legal frameworks and requirements regarding the cyber risk management of providers? How can they be legally implemented and secured?
The most important key takeaways: obligate providers through contracts; define specific TOMs (technical and organizational measures) and constantly improve them; use security questionnaires that go beyond yes or no; and consider important security concepts, such as data separation and zero trust, time-boxed PAM, XDR, audit trails, and patch management.