CISO Notebook: Third-Party RiskCris Ewell of UW Medicine on Managing Vendor Risks
Where is the data, who has access to it, and how is it being secured? These are among the top questions inherent in any third-party risk program. Cris Ewell, CISO of UW Medicine, shares insight from his experience managing vendor risk.
In a video interview at Information Security Media Group's recent Fraud and Breach Summit in Seattle, Ewell discusses:
- His organization's top third-party risks;
- Basic elements of an effective third-party risk program;
- Best practices for controlling third- and fourth-party risks.
Ewell, PhD, is CISO at University of Washington Medicine. Previously, he was CISO of Seattle Children's Hospital. Before that, he served as the director of information security operations at the University of Washington, chief security officer for PEMCO Corp. and chief technology officer for Breakwater Security.