TEST AUTOMATION SUMMIT | TOKYO – August 22, 2024

SPEAKERS

LAURENT NEBOUT-BAYARD – Regional Information Security Officer, Chanel

THIRD-PARTY RISK MANAGEMENT: MORE THAN JUST QUESTIONNAIRE

Let’s discuss the risk introduced by suppliers, move on to the limitations of traditional vendor assessments, and suggest ideas to build a comprehensive framework for effective third-party risk management.

JAMES CUSICK – IT Consultant & Applied Researcher, Independent Consultant

MEETING CUSTOMER SECURITY ASSESSMENTS WITH AI-ASSISTED WORKFLOWS

A key step in compliance and governance relies on the completion and analysis of IT and Cybersecurity assessment questionnaires. For customers, this approach is used to assess the security capabilities of suppliers, where over 51% of breaches originate. For suppliers, answering such assessment questionnaires is essential to winning new business and keeping that revenue. This talk will dive into this process and effective AI-supported methods for meeting this high-risk and high-volume workflow.

Security questionnaires can be lengthy, sometimes including hundreds of questions. In certain industries such as finance, insurance, and defense, third-party qualification processes are even more stringent. For some companies that concentrate on these sectors, perhaps 80% or more of their revenue may depend, at least in part, on successfully responding to these complex and shifting questionnaires.

This talk will introduce the role of assessments in the Cybersecurity environment and typical challenges in managing this function, and provide an approach supported by an AI-based contextual matching knowledgebase solution. The process begins with a customer-initiated request for information, typically managed by a sales team and then handed off to the internal security team and associated technical specialists. The complexity and volume of these requests can quickly overwhelm the security team, who need to focus on threat prevention, detection, and operations.

The process outlined in this presentation provides an efficient, partially automated, and scalable approach that can be applied by technology providers working on compliance actions during third-party assessments, Customer Due Diligence, M&A Due Diligence, answering RFPs, and/or audits. For companies managing their own third-party Cybersecurity compliance, this process is essential to understanding the workflows involved.

KEIKO ITAKURA – Head of Security, Medley

STEP-BY-STEP PROCEDURE AND CONSIDERATIONS FOR PASSKEY DEPLOYMENT

Various services have implemented passkeys, and there may be many people who want to implement passkeys. In this session, I will explain where to start when implementing passkeys, and what to consider during each phase from planning to implementation and operation.

Takeaways: People who are planning to introduce passkeys can understand what they need to do and how to proceed. Understand common mistakes and points to be careful about when introducing passkeys. Understand implementation patterns according to use cases.