5.3 Flashcards

1
Q

MSPs

A

managed service provider
Organizations that provide a range of technology services and support to
businesses and other clients

2
Q

Supply Chain Attack

A

■ An attack that targets a weaker link in the supply chain to gain access to a
primary target
■ Exploit vulnerabilities in suppliers or service providers to access more secure
systems

3
Q

Semiconductors

A

● Essential components in a wide range of products, from smartphones and
cars to medical devices and defense systems

4
Q

Vendor assessment

A

■ Process to evaluate the security, reliability, and performance of external entities
■ Crucial due to interconnectivity and potential impact on multiple businesses

5
Q

vendors

A

provide goods or services to an organization

6
Q

Suppliers

A

Involved in production and delivery of products or parts

7
Q

Pen Test

A

Simulated cyberattacks to identify vulnerabilities in supplier systems

8
Q

Right to Audit Clause

A

Contract provision allowing organizations to evaluate vendor’s internal processes
for compliance
■ Ensures transparency and adherence to standards

9
Q

Internal Audits

A

Vendor’s self-assessment of practices against industry or organizational
requirements
■ Demonstrates commitment to security and quality

10
Q

Independent Assessments

A

■ Evaluations conducted by third-party entities without a stake in the organization
or vendor
■ Provides a neutral perspective on adherence to security or performance
standards

11
Q

Due Diligence

A

● A rigorous evaluation that goes beyond surface-level credentials
● Includes the following
○ Evaluating financial stability
○ Operational history
○ Client testimonials
○ On-the-ground practices to ensure cultural alignment
● Check for conflicts of interest that could bias the selection process

12
Q

Vendor Questionnaires

A

■ Comprehensive documents filled out by potential vendors
■ Vendor questionnaires provide insights into operations, capabilities, and
compliance
■ Standardized criteria for fair and informed decision-making

13
Q

Rules of Engagement

A

■ Guidelines for interaction between organization and vendors
■ Cover communication protocols, data sharing, and negotiation boundaries
■ Ensure productive and compliant interactions

14
Q

Feedback loops

A

Involve a two-way communication channel where both the organization
and the vendor share feedback

15
Q

Basic Contract

A

Versatile tool that formally establishes a relationship between two parties
● Defines roles, responsibilities, and consequences for non-compliance
● Specifies terms like payment structure, delivery timelines, and product
specifications

16
Q

SLA

A

Service Level Agreement (SLA)
● Defines the standard of service a client can expect from a provider
● Includes performance benchmarks and penalties for deviations
If a server is down for 1 week, they owe you this amount of money

17
Q

MOA

A

Formal; outlines specific responsibilities and roles
If two companies jointly work on a marketing campaign, this tells you how the responsibilities are broken out

18
Q

MOU

A

Less binding, expresses mutual intent without detailed specifics

19
Q

MSA

A

● Covers general terms of engagement across multiple transactions
● Used for recurring client relationships, supplemented by Statements of
Work

20
Q

SOW

A

● Specifies project details, deliverables, timelines, and milestones
● Provides in-depth project-related information

21
Q

NDA

A

Non-Disclosure Agreement (NDA)
● Ensures confidentiality of sensitive information shared during
negotiations
● Commitment to privacy, protecting proprietary data

22
Q

BPA or JV

A

Business Partnership Agreement (BPA) or Joint Venture Agreement (JV)
Goes beyond basic contracts when two entities collaborate
● Outlines partnership nature, profit-sharing, decision-making, and exit
strategies
● Defines ownership of intellectual property and revenue distribution