How to help all size enterprises to simply get access to comprehensive and reliable data on cybersecurity capabilities of third parties to minimize cybersecurity risks?
How to help all size enterprises to simply get access to comprehensive and reliable data on cybersecurity capabilities of third parties to minimize cybersecurity risks?
Challenge open to Teams
Challenge proposed by
Challenge award: $10,000
+ accompaniment from Hydro-Québec experts
Challenge award: $10,000
+ accompaniment from Hydro-Québec experts
Collaboration Challenge
Challenge proposed by an industry leader organization that wants to encourage BETA teams to solve a real and pressing issue in the industry. The partner undertakes to follow the winning team of the Challenge for a period of 5 months after the end of the Coopérathon.
Collaboration Challenge
Challenge proposed by an industry leader organization that wants to encourage BETA teams to solve a real and pressing issue in the industry. The partner undertakes to follow the winning team of the Challenge for a period of 5 months after the end of the Coopérathon.
Background
In recent years, cyber-attacks have continued to grow in frequency and complexity unabated causing adverse impact on organizations and their customers. The menace of ransomware has been dominating news headlines as cybercriminal gangs target organizations that possess sensitive information and technology assets leveraged to provide critical services to the broader community. From critical infrastructure to healthcare to governmental and educational institutions, the scourge of cyberattacks has left no sector safe. The adverse impacts of these attacks run the gamut from disrupting the delivery of critical services and resources to civilians to compromising and exploiting national security secrets to causing notable financial losses for businesses to name a few.
To combat this trend, government and industry bodies have begun to escalate their efforts to enact broader countermeasures and frameworks that not only disrupt cyber criminal activities but elevate expectations from organizations to better secure and protect their assets. A key component of such initiatives is the ability to effectively and transparently assess and report on the cyber security posture of organizations in a manner that fosters greater accountability not only to their business partners and industry bodies but also to their customers.
The proposed challenge aims to solicit innovative solutions for better manage third party cyber risks (TPCR) with broader accessibility and more granular control over data shared with various groups. Establishing a representation of trust, security and privacy is at the core of such interactions. Lack of effective controls and processes around third party cyber risk management (TPCRM) can lead to system compromises, data breaches, and exposure of confidential and PII information. In order to protect the digital ecosystems connecting individuals, businesses and governments, a solution is required to optimize decision making with respect to third-party engagements and interactions.
The traditional approaches to TPCRM are primarily manual, inaccurate, non-scalable and incomprehensible. Despite various efforts to standardize vendor assessment and prioritize third party interactions, the following problems are still frequently encountered:
- Challenges regarding trust scores based on static snapshots of third-party controls and system configuration, lack of dynamic and continuous metrics.
- Timeliness and subjectivity of risk scores
- Risk classification
- Insufficient compliance-centric risk metrics on vendors
- Quantification of financial risk and monetary impact of vendor engagements
- Governance of TPCRM threat/assessment data exchange/sharing platforms
Challenge as part of the Cooperathon 2021
Deloitte, a global leader in cybersecurity services, is looking for innovative solutions to support enterprises of all size in managing the TPCR by better quantify, measure, validate, and share TPCR data.
Participants in the competition should target their solution towards leveraging recent advancements in cloud, blockchain, predictive cyber threat modelling, and identity and access management concepts to enable:
- Standardized third-party risk assessment, including evaluation, continuous risk tracking, risk ranking, and informed recommendation generation
- Effective governance of TPCR data exchange with mechanisms for network reward sharing and incentivizing contributions for all participants
- Secured data sharing using a consensus-based approach, and
- Observation sharing, akin to threat intelligence exchanges (STIX/TAXI)
Industry standards should be considered in the development of the solution.
Data, articles & information
Tackle this challenge and let the adventure begin!
Let your network discover this challenge:
Let your network discover this challenge:
[Sassy_Social_Share]
Use hashtag : #cooperathon21
Use hashtag : #cooperathon21
We connect passion and talent, communities and academics. Together we develop a socially responsible future.
“Cooperathon” is a Trademark of the Fédération des caisses Desjardins du Québec.
Subscribe to the Cooperathon Newsletter
Subscribe to the Cooperathon Newsletter
We connect passion and talent, communities and academics. Together we develop a socially responsible future.
“Cooperathon” is a Trademark of the Fédération des caisses Desjardins du Québec.