How I Learned to Stop Worrying and Love SLAs

May 2021 • Webinar

Matthew J. Butkovic

In this webcast, Matt Butkovic and Alan Levine discuss how cybersecurity SLAs are vital to the success of third-party relationships and a core component of sound governance.

Publisher:

Software Engineering Institute

Subjects

Watch

Abstract

Managing third-party relationships, such as pubic cloud service providers, requires a set of skills often unfamiliar to many technologists. These relationships are constructed on a foundation of verifiable trust. This requires managing the cybersecurity performance of third parties via contractual mechanisms rather than the traditional line-of-sight practices used internal to an organization. Chief among these mechanisms are service-level agreements (SLAs). Cybersecurity SLAs are vital to the success of third-party relationships and a core component of sound governance.

What attendees will learn:

• How to design and implement meaningful SLAs

• How best to use SLAs to drive third-party cybersecurity performance

• The limits of SLAs as a third-party risk management tool

About the Speaker

Matthew J. Butkovic

Matthew Butkovic is the Technical Manager of the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Butkovic performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk.

Butkovic has more than 15 years of managerial and technical experience in information technology (particularly information systems security, process design and audit) across the banking and manufacturing sectors. Prior to joining CERT in 2010, Butkovic was leading information security and business continuity efforts for a Fortune 500 manufacturing organization.

Butkovic is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

Software Engineering Institute