my guide on managing third party risk

by Michael Werneburg
on 2017.04.22

I've written a guide on managing third party risk, that is, the risk that comes with sharing your data with third parties such as service organizations. This includes a "20 questions" document on cyber security.

These initial two documents kick off a new section on this website, starting here.
