Notes (alphabetical)
Search to quickly find notes, articles, guides, and resources across the site.
Search to quickly find notes, articles, guides, and resources across the site.
The single biggest problem in communication is the illusion that it has taken place. often attributed to George Bernard Shaw
Economist briefing: The world should think better about catastrophic and existential risks Economist leader: Politicians ignore far out risks: they need to up their game | The Economist
Third-party risk, also known as vendor or supplier risk, refers to the potential threats and vulnerabilities that arise from relying on external entities to provide goods, services, or support, particularly where the entity is supporting a critical service. For organisations, managing these risks is crucial as they can impact operational efficiency, regulatory compliance, and overall business reputation if something goes wrong. Effective third-party risk management involves assessing, monitoring, and mitigating risks associated with suppliers to ensure business continuity and to protect the interests of the organisation. ...
Companies are rapidly integrating AI into their operations, from customer service chatbots to advanced analytics tools. And if organisations are using AI, then so are their third party vendors, the companies processing data on their behalf. Do we know how our vendors are using our data, and how will we manage that risk? AI and Third-Party Risk: What’s at Stake? AI amplifies third-party risk in several ways: Data Leakage: Information entered into AI tools could be stored, reused, or exposed. Are your inputs contributing to a model that may resurface these comments elsewhere? Opaque Data Practices: What AI systems are your third parties using? Are they using in-house proprietary models? How clear are you on data usage, retention, and any onward sharing? Model Vulnerabilities: If an AI model is compromised, its outputs could become inaccurate or biased, damaging trust and operations. What obligations do you have, and how do you manage this risk? Supply Chain Risks: Many AI solutions will rely on a network of sub-processors, expanding the risk landscape. Do you know where your data ends up? The Key Questions to Ask Yourself and Your Vendors To manage third-party risk effectively in the AI era, you need to ask the right questions: ...
Threat intelligence refers to the process of gathering, analysing, and interpreting information about potential or current threats to an organisation’s digital assets. Organisations typically conduct threat intelligence through various departmental functions, including: a Security Operations Centre (SOC) which will monitors and respond to security incidents an Incident Response Team who will handle and mitigate security breaches a Threat Intelligence Team who will collect and analyse threat data to provide actionable insights. Additionally, organisations often collaborate with external parties such as Threat Intelligence Providers who can offer specialised threat data and analysis through economies of scale with multiple customers, and specialised Security Consultants who can will provide expertise and support in threat intelligence and incident response. ...