5.3 Flashcards
MSPs
Managed Service Providers
Organizations that provide a range of technology services and support to
businesses and other clients
Supply Chain Attack
■ An attack that targets a weaker link in the supply chain to gain access to a
primary target
■ Exploit vulnerabilities in suppliers or service providers to access more secure
systems
Semiconductors
● Essential components in a wide range of products, from smartphones and
cars to medical devices and defense systems
Vendor assessment
■ Process to evaluate the security, reliability, and performance of external entities
■ Crucial due to interconnectivity and potential impact on multiple businesses
Vendors
Provide goods or services to an organization
Suppliers
Involved in production and delivery of products or parts
Pen Test
Simulated cyberattacks to identify vulnerabilities in supplier systems
Right to Audit Clause
Contract provision allowing organizations to evaluate vendor’s internal processes
for compliance
■ Ensures transparency and adherence to standards
Internal Audits
Vendor’s self-assessment of practices against industry or organizational
requirements
■ Demonstrates commitment to security and quality
Independent Assessments
■ Evaluations conducted by third-party entities without a stake in the organization
or vendor
■ Provides a neutral perspective on adherence to security or performance
standards
Due Diligence
● A rigorous evaluation that goes beyond surface-level credentials
● Includes the following
○ Evaluating financial stability
○ Operational history
○ Client testimonials
○ On-the-ground practices to ensure cultural alignment
● Check for conflicts of interest that could bias the selection process
Vendor Questionnaires
■ Comprehensive documents filled out by potential vendors
■ Provide insights into operations, capabilities, and compliance
■ Standardized criteria for fair and informed decision-making
Rules of Engagement
■ Guidelines for interaction between organization and vendors
■ Cover communication protocols, data sharing, and negotiation boundaries
■ Ensure productive and compliant interactions
Feedback loops
Involve a two-way communication channel where both the organization
and the vendor share feedback
Basic Contract
Versatile tool that formally establishes a relationship between two parties
● Defines roles, responsibilities, and consequences for non-compliance
● Specifies terms like payment structure, delivery timelines, and product
specifications