{"id":536,"date":"2020-05-22T20:04:00","date_gmt":"2020-05-22T20:04:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=536"},"modified":"2024-01-09T22:45:47","modified_gmt":"2024-01-09T22:45:47","slug":"subsidiary-it-risk","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/","title":{"rendered":"You Can\u2019t Just Walk Away from Subsidiary IT Risk"},"content":{"rendered":"\n<p>If a product can help you evaluate third-party IT risk, it\u2019s not a huge stretch to imagine that same product could help you&nbsp;assess the security risk of your subsidiaries. But many of the chief information security officers (CISOs) we talk to who have tried to apply a security ratings service&nbsp; to the challenge of monitoring their subsidiaries\u2019 security tell us this approach really hasn\u2019t worked for them. Here\u2019s why:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">There\u2019s a big difference in your level of responsibility for a subsidiary owned by your parent company and a third-party you are considering doing business with.<\/h2>\n\n\n\n<p>Network connections with either can introduce your organization to risk, of course, but you can\u2019t just walk away from the security issues of your subsidiaries the way you can from an independent vendor. Ultimately your organization has the responsibility for addressing the IT risks in your subsidiaries. Thus, you\u2019re not just looking to&nbsp;<strong>score<\/strong>&nbsp;the level of risk at your subsidiaries, you are looking to remediate and manage issues.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Deep security expertise must be built into your subsidiary risk management approach.<\/h2>\n\n\n\n<p>Expertise that helps you prioritize the many exposures identified and guides subsidiary teams to quickly remediate those exposures. The lack of useful remediation guidance in security ratings products is perhaps the biggest complaint we hear from CISOs who have tried unsuccessfully to use a security ratings service to manage their subsidiary or corporate risk and are now looking for a better way to do it. A\u00a0<a href=\"\/platform\/\" target=\"_blank\" rel=\"noreferrer noopener\">product that is built for managing subsidiary risk<\/a>\u00a0should be able to identify:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>which attack surface assets in the subsidiary are most critical to protect<\/li>\n\n\n\n<li>which assets will be most desirable to attackers<\/li>\n\n\n\n<li>which paths into the attack surface attackers are most likely to exploit<\/li>\n\n\n\n<li>precisely how and where subsidiary security teams can remediate any identified attack vectors<\/li>\n<\/ul>\n\n\n\n<p>Many corporate IT security teams oversee subsidiary risk but do not have hands-on engagement. CISOs tell us that they prefer being able to identify the highest priority risks at their subsidiaries and then offer the subsidiary security teams detailed remediation guidance about how and where to eliminate those risks. That increases the effectiveness and efficiency of all their security teams and improves their overall security.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Managing subsidiary risk is a matter of both scale and frequency.&nbsp;<\/h2>\n\n\n\n<p>Many organizations grow by acquisition, so their attack surfaces are ever expanding, which presents additional overload for already over-burdened and finite corporate security teams. A product that is purpose-built for managing subsidiaries should include efficiencies that scale, with a process that works for one subsidiary \u2014 or a thousand.&nbsp;<\/p>\n\n\n\n<p>CISOs want an overall view of their security posture as an organization\/conglomerate, as well as the detailed risk view of each subsidiary and the ability to track and report on the same. And monitoring subsidiary risk has to be an ongoing process that can easily absorb oversight of new subsidiaries and the ever-changing attack surfaces of each of them without substantial additional overhead.&nbsp;&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Monitoring IT subsidiary risk has to be an ongoing process that absorbs oversight of new subsidiaries and their ever-changing attack surfaces.<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[32,122],"class_list":["post-536","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-risk-management","tag-subsidiary-risk"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>You Can\u2019t Just Walk Away from Subsidiary IT Risk | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"You Can\u2019t Just Walk Away from Subsidiary IT Risk | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"Monitoring IT subsidiary risk has to be an ongoing process that absorbs oversight of new subsidiaries and their ever-changing attack surfaces.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-22T20:04:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-09T22:45:47+00:00\" \/>\n<meta name=\"author\" content=\"CyCognito Staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"CyCognito Staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\"},\"author\":{\"name\":\"CyCognito Staff\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91\"},\"headline\":\"You Can\u2019t Just Walk Away from Subsidiary IT Risk\",\"datePublished\":\"2020-05-22T20:04:00+00:00\",\"dateModified\":\"2024-01-09T22:45:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\"},\"wordCount\":514,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"keywords\":[\"Risk Management\",\"Subsidiary Risk\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\",\"name\":\"You Can\u2019t Just Walk Away from Subsidiary IT Risk | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"datePublished\":\"2020-05-22T20:04:00+00:00\",\"dateModified\":\"2024-01-09T22:45:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"You Can\u2019t Just Walk Away from Subsidiary IT Risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91\",\"name\":\"CyCognito Staff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g\",\"caption\":\"CyCognito Staff\"},\"description\":\"Rule Your Risk\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/cycognito\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"You Can\u2019t Just Walk Away from Subsidiary IT Risk | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/","og_locale":"en_US","og_type":"article","og_title":"You Can\u2019t Just Walk Away from Subsidiary IT Risk | CyCognito Blog","og_description":"Monitoring IT subsidiary risk has to be an ongoing process that absorbs oversight of new subsidiaries and their ever-changing attack surfaces.","og_url":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/","og_site_name":"CyCognito Blog","article_published_time":"2020-05-22T20:04:00+00:00","article_modified_time":"2024-01-09T22:45:47+00:00","author":"CyCognito Staff","twitter_card":"summary_large_image","twitter_misc":{"Written by":"CyCognito Staff","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/"},"author":{"name":"CyCognito Staff","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91"},"headline":"You Can\u2019t Just Walk Away from Subsidiary IT Risk","datePublished":"2020-05-22T20:04:00+00:00","dateModified":"2024-01-09T22:45:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/"},"wordCount":514,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"keywords":["Risk Management","Subsidiary Risk"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/","url":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/","name":"You Can\u2019t Just Walk Away from Subsidiary IT Risk | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"datePublished":"2020-05-22T20:04:00+00:00","dateModified":"2024-01-09T22:45:47+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/subsidiary-it-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"You Can\u2019t Just Walk Away from Subsidiary IT Risk"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/e1e418d7d4a6d3abf5de7ef65d04da91","name":"CyCognito Staff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/dc81941cde3349893dfc090c431e4dc0?s=96&d=mm&r=g","caption":"CyCognito Staff"},"description":"Rule Your Risk","url":"https:\/\/www.cycognito.com\/blog\/author\/cycognito\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=536"}],"version-history":[{"count":4,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/536\/revisions"}],"predecessor-version":[{"id":588,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/536\/revisions\/588"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}