Page 61 - Cyber Defense eMagazine April 2021 Edition

The Problem with Security Questionnaires



          By Kelly White, CEO and Co-Founder, RiskRecon





          Security questionnaires are one of the most prevalent and recognizable tools used to gauge
          and manage risks in third-party IT environments. Unfortunately, the popularity of questionnaires
          is more of a function of familiarity and expedience than a testament to their efficacy as a risk
          management tool.

          When the rubber meets the road, most risk professionals admit they have very little confidence in security
          questionnaires. They don't think that these assessments provide an accurate view of risk exposure or give
          them an effective route for requesting remediation from third-party vendors. But running questionnaires is
          usually a straightforward, budget-friendly process. Vendors may not always like them, but they typically
          know what to expect from them. And more importantly, most regulators accept questionnaires as a means of
          checking many of the boxes for third-party risk management (TPRM).













                   Copyright © 2021, Cyber Defense Magazine.  All rights reserved worldwide.