DAX24.060 -0,4%ESt505.354 -0,3%Top 10 Crypto15,93 +4,3%Dow44.023 -1,0%Nas20.678 +0,2%Bitcoin101.431 ±0,0%Euro1,1622 +0,2%Öl68,89 ±0,0%Gold3.341 +0,6%
Beliebte Suche
DAX 40 Ölpreis Euro - Dollar Bitcoin - Euro Goldpreis
Meistgesucht
NVIDIA 918422 DroneShield A2DMAA Rheinmetall 703000 RENK RENK73 Clara Technologies A3E4MS Volatus Aerospace A2JEQU Tesla A1CX3T Lufthansa 823212 HENSOLDT HAG000 BYD A0M4W9 Siemens Energy ENER6Y BASF BASF11 Commerzbank CBK100 Mercedes-Benz Group (ex Daimler) 710000 Bayer BAY001
Alle Aktien für 0 Euro (zzgl. Spreads) handeln mit finanzen.net zero. Hier informieren
Heute im Fokus
Asiens Börsen uneinheitlich -- FUCHS, ASML und Renault mit Gewinnwarnungen -- NEL ASA weitet Verluste aus -- Rio Tinto im Fokus
Top News
Goldpreis: Aktuelle US-Produzentenpreise im Blick Goldpreis: Aktuelle US-Produzentenpreise im Blick
ASML-Aktie verliert: Ausblick für 2025 gesenkt - Zurückhaltung auf bezüglich 2026 ASML-Aktie verliert: Ausblick für 2025 gesenkt - Zurückhaltung auf bezüglich 2026
Suche...
Login
ODER

Neu auf finanzen.net?

Kostenfrei registrieren und Vorteile nutzen

Übersicht Wertpapierdepots Musterdepots Watchlists Meine News Newsletter Forum Trading Desk Apps Social Media Podcasts
Profil

Most Vendor Assessments Miss Critical Security Risks, According to New Resource From Info-Tech Research Group

09.07.25 22:25 Uhr

As vendor-related cybersecurity risks grow, outdated assessment methods are falling short. Info-Tech Research Group's new blueprint introduces a risk-based framework to streamline evaluations, improve compliance, and strengthen security. The practical approach outlined in the resource supports continuous improvement, enabling security teams to manage evolving threats with greater efficiency.

TORONTO, July 9, 2025 /CNW/ - Vendor partnerships are critical to business success, but they also introduce increasing security risks that organizations must manage carefully. With regulatory demands rising and third-party breaches becoming more frequent, traditional vendor security assessments are no longer effective. Broad, one-size-fits-all approaches often burden security teams, frustrate stakeholders, and stall business progress. According to Info-Tech Research Group, some assessments are so onerous that vendors refuse to bid, or business units find ways to bypass the process altogether, leaving organizations exposed to significant risk.

To help organizations address these challenges, Info-Tech has published its blueprint, Build a Vendor Security Assessment Service, outlining a practical, risk-based approach that enables IT leaders to focus on what matters most. By tailoring assessments to actual business risk, the data-backed research enables organizations to streamline processes, enhance compliance, safeguard sensitive data, and make more informed decisions throughout the enterprise.

"Taking a risk-based approach helps organizations focus their assessments on what matters most, aligning security efforts with the type of service being evaluated and their own tolerance for potential threats," says Ahmad Jowhar, research analyst at Info-Tech Research Group. "Furthermore, a process that fosters continuous improvement in the vendor security risk management program will enable monitoring and improvement, which will help identify further enhancements to the assessment."

In its newly published resource, Info-Tech emphasizes the importance of adopting a structured, end-to-end approach to managing vendor security risks. The firm suggests that rather than relying on one-off assessments, organizations should implement a continuous process that includes initial risk evaluations, treatment through well-defined contractual terms, ongoing monitoring, and regular reassessments. This method ensures that due diligence doesn't stop once a vendor is selected.

Info-Tech's risk-based strategy not only enhances vendor accountability but also enables internal teams to effectively manage evolving threats and maintain a robust security posture over time.

The firm's resource outlines a clear three-phase approach to building a vendor security assessment service:

  • Define Governance and Process: Establish a solid foundation by identifying requirements, defining roles, developing policies, and establishing risk treatment strategies that align with the organization's risk tolerance.
  • Develop Assessment Methodology: Design the tools to assess service and vendor risk. This includes building more effective, risk-based questionnaires, avoiding common pitfalls like overly broad, purely informational, or excessively long surveys.
  • Implement and Monitor Process: Execute and monitor the service with a continuous feedback loop. This includes tailoring security requirements in contracts and ensuring periodic reassessments.

    • To help organizations apply the three-phase methodology in practice, the Build a Vendor Security Assessment Service blueprint provides a detailed framework for assessing new vendors or services:

  • Service Risk: Determine the potential impact of a vendor-related security incident by evaluating the assets at risk and the associated recovery costs.
  • Vendor Risk: Assess the likelihood of an incident occurring, with the level of due diligence determined by the potential service impact.
  • Composite Risk: Multiply service and vendor risk to calculate a composite risk score, which is recorded in a risk register or vendor inventory.
  • Risk Treatment: Treat risks based on the organization's risk tolerance using a matrix to accept, mitigate, or reject them.
  • Record Details: Document assessment outcomes in the vendor inventory, with reassessment frequency guided by the composite risk level.

    • By addressing both the impact and likelihood of vendor-related incidents, Info-Tech's framework enables organizations to align their security efforts with actual risk, focusing resources where they're needed most. Regular reassessments strengthen vendor accountability and support better decisions, all while reducing organizational risk exposure, improving compliance, and enhancing operational efficiency.

    The firm's approach also enables better visibility into vendor and service risks, helping transform vendor risk programs from operational bottlenecks into strategic enablers. Stakeholder alignment and continuous improvement are central to the framework's success.

    For exclusive and timely commentary from Ahmad Jowhar, an expert in security and privacy practice, and access to the complete Build a Vendor Security Assessment Service blueprint, please contact pr@infotech.com.

    About Info-Tech Research Group
    Info-Tech Research Group is one of the world's leading research and advisory firms, serving over 30,000 IT and HR professionals. The company produces unbiased, highly relevant research and provides advisory services to help leaders make strategic, timely, and well-informed decisions. For nearly 30 years, Info-Tech has partnered closely with teams to provide them with everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

    To learn more about Info-Tech's divisions, visit McLean & Company for HR research and advisory services and SoftwareReviews for software buying insights.

    Media professionals can register for unrestricted access to research across IT, HR, and software and hundreds of industry analysts through the firm's Media Insiders program. To gain access, contact pr@infotech.com.

    For information about Info-Tech Research Group or to access the latest research, visit infotech.com and connect via LinkedIn and X.

    Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/most-vendor-assessments-miss-critical-security-risks-according-to-new-resource-from-info-tech-research-group-302501651.html

    SOURCE Info-Tech Research Group