What are the top 3 insights Customers and Third Parties gain from reviewing risk assessments?

Which provides more valuable insights to both the Customer and Third Party: inherent risk or residual risk?
Gary Phipps, Solutions Engineer to answer soon . . . . check this space!
Comments
2. Which vendors pose the most risk? You can't possibly (nor should you) assess every single vendor in your ecosystem.
3. How should I begin using the stable of assessment subscriptions I bought? For most companies, start with the highest risk industries (software, business support, IT Consulting, Internet Services, Employment Services, etc.) unless you have a specific need to address something tactical, e.g. Panama Papers might scare you into wanting to assess all of your law firms first.
Thank you for the questions! Our assessment does include questions about the methods that third parties use for authentication (e.g. username and password, multi-factor authentication, etc.).
I'm not certain I understand the second part of your question so please let me know if I've missed the point.
I hope that is helpful!
Great points and great questions! You're focusing on a particularly challenging aspect of security, and to my knowledge there is no 100% effective solution. The first thing that comes to mind in the scenario you describe is that hashing passwords may be a partial solution. Of course, hashes are susceptible to rainbow attacks, so really what you want is a salted hash. I would consider username/password pairs to be "personal data" and therefore subject to GDPR regulations. Storing, processing, or transmitting personal data without the use of encryption would certainly be a no-no!
I'm happy to say that the CyberGRX assessment includes controls and questions that ask third parties how they protect stored credentials, including the use of standard encryption protocols (AES256), hashing algorithms (MD5 or SHA-2), and the use of salted hashes.
I hope this is helpful!
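As an added illustration of the salted-hash point in the reply above (not part of the original thread and not CyberGRX code): the sketch below stores the same constructed passwords once as plain unsalted SHA-256 digests and once as per-record salted PBKDF2-HMAC-SHA256 records, then checks both against a precomputed digest table. The function names, the record format, the sample data and the 600,000-iteration work factor are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumption: PBKDF2 work factor chosen for this example


def unsalted_digest(password: str) -> str:
    """Weak form: one fast, unsalted SHA-256. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted form: fresh 16-byte salt per record, stretched with PBKDF2-HMAC-SHA256."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


def resolved_by_table(stored_digests, table) -> int:
    """Count stored digests that a precomputed digest->password table resolves."""
    return sum(1 for digest in stored_digests if digest in table)


# Constructed sample data: two accounts that happen to share a password.
SAMPLE_PASSWORDS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "x9$Lq7#vTe"}
# Constructed stand-in for a precomputed table of common-password digests.
PRECOMPUTED = {unsalted_digest(p): p for p in ("Summer2024!", "password1")}

if __name__ == "__main__":
    weak = [unsalted_digest(p) for p in SAMPLE_PASSWORDS.values()]
    strong = [hash_password(p).split("$")[3] for p in SAMPLE_PASSWORDS.values()]
    print("unsalted digests resolved:", resolved_by_table(weak, PRECOMPUTED))
    print("salted digests resolved:  ", resolved_by_table(strong, PRECOMPUTED))
```

With the unsalted column, the two accounts sharing a password are visibly identical and both fall to the table; with per-record salts, the same password yields unrelated records and the table resolves nothing.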