Page 61 - Cyber Defense eMagazine April 2021 Edition
The Problem with Security Questionnaires
By Kelly White, CEO and Co-Founder, RiskRecon
Security questionnaires are one of the most prevalent and recognizable tools used to gauge
and manage risks in third-party IT environments. Unfortunately, the popularity of questionnaires
is more of a function of familiarity and expedience than a testament to their efficacy as a risk
management tool.
When the rubber meets the road, most risk professionals admit they have very little confidence in security
questionnaires. They don’t think that these assessments provide an accurate view of risk exposure or give
them an effective route for requesting remediation from third-party vendors. But running questionnaires is
usually a straightforward, budget-friendly process. Vendors may not always like them, but they typically
know what to expect from them. And more importantly, most regulators accept questionnaires as a means of
checking many of the boxes for third-party risk management (TPRM).
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.