Gartner defines IT vendor risk management (IT VRM) as the discipline of addressing the residual risk that businesses and governments face when working with external service providers, IT vendors and related third parties. The scope typically addresses risks related to data protection, business continuity, security and other risk domains as relevant to laws, regulation and industry practices.
TI products and services deliver knowledge, information and data about cybersecurity threats and other organization-specific threat exposures, including but not limited to indicators of compromise (IOCs), threat actor attribution and campaigns. The output of these products and services aim to provide or assist in the curation of information about the identities, motivations, characteristics and methods of threats, commonly referred to as tactics, techniques and procedures (TTPs). The intent is to enable better decision making and improve security technology capabilities to reduce risk and the chance of being compromised.