5.3 Flashcards
MSPs
Managed Service Provider (MSP)
Organizations that provide a range of technology services and support to
businesses and other clients
Supply Chain Attack
■ An attack that targets a weaker link in the supply chain to gain access to a
primary target
■ Exploit vulnerabilities in suppliers or service providers to access more secure
systems
Semiconductors
● Essential components in a wide range of products, from smartphones and
cars to medical devices and defense systems
Vendor assessment
■ Process to evaluate the security, reliability, and performance of external entities
■ Crucial due to interconnectivity and potential impact on multiple businesses
Vendors
provide goods or services to an organization
Suppliers
Involved in production and delivery of products or parts
Pen Test
Simulated cyberattacks to identify vulnerabilities in supplier systems
Right to Audit Clause
Contract provision allowing organizations to evaluate vendor’s internal processes
for compliance
■ Ensures transparency and adherence to standards
Internal Audits
Vendor’s self-assessment of practices against industry or organizational
requirements
■ Demonstrates commitment to security and quality
Independent Assessments
■ Evaluations conducted by third-party entities without a stake in the organization
or vendor
■ Provides a neutral perspective on adherence to security or performance
standards
Due Diligence
● A rigorous evaluation that goes beyond surface-level credentials
● Includes the following
○ Evaluating financial stability
○ Operational history
○ Client testimonials
○ On-the-ground practices to ensure cultural alignment
● Check for conflicts of interest that could bias the selection process
Vendor Questionnaires
■ Comprehensive documents filled out by potential vendors
■ Vendor questionnaires provide insights into operations, capabilities, and
compliance
■ Standardized criteria for fair and informed decision-making
Rules of Engagement
■ Guidelines for interaction between organization and vendors
■ Cover communication protocols, data sharing, and negotiation boundaries
■ Ensure productive and compliant interactions
Feedback loops
Involve a two-way communication channel where both the organization
and the vendor share feedback
Basic Contract
Versatile tool that formally establishes a relationship between two parties
● Defines roles, responsibilities, and consequences for non-compliance
● Specifies terms like payment structure, delivery timelines, and product
specifications
SLA
Service Level Agreement (SLA)
● Defines the standard of service a client can expect from a provider
● Includes performance benchmarks and penalties for deviations
If a server is down for 1 week, they owe you this amount of money
MOA
Formal agreement that outlines specific responsibilities and roles
If two companies jointly work on a marketing campaign, this tells you how the responsibilities are broken out
MOU
Less binding, expresses mutual intent without detailed specifics
MSA
● Covers general terms of engagement across multiple transactions
● Used for recurring client relationships, supplemented by Statements of
Work
SOW
● Specifies project details, deliverables, timelines, and milestones
● Provides in-depth project-related information
NDA
Non-Disclosure Agreement (NDA)
● Ensures confidentiality of sensitive information shared during
negotiations
● Commitment to privacy, protecting proprietary data
BPA or JV
Business Partnership Agreement (BPA) or Joint Venture Agreement (JV)
Goes beyond basic contracts when two entities collaborate
● Outlines partnership nature, profit-sharing, decision-making, and exit
strategies
● Defines ownership of intellectual property and revenue distribution