Organizations increasingly rely on third-party providers for core business functions, creating extensive connectivity requirements and elevated access privileges that expand attack surfaces significantly. Healthcare, energy and critical infrastructure sectors face particular vulnerabilities when outsourcing essential operations to external vendors who may operate across different jurisdictions with varying security standards. Supply chain compromises demonstrate devastating consequences, as evidenced by recent incidents that forced entire hospital systems into manual operations and disrupted national infrastructure.

In this session, led by Kashif Parvaiz, CISO at University Health Network, you will learn:

• How procurement integration ensures cybersecurity involvement in all third-party technology acquisition processes;
• Quantitative and qualitative evaluation methods to combine traditional questionnaires with SOC 2 audits;
• Risk-adjusted assessment approaches to scale evaluation efforts based on business criticality and potential impact.