5.3-5.6 Flashcards
supply chain analysis
get a product or service from supplier to customer.
rules of engagement
an important document, defines purpose and scope, makes everyone aware of the test parameters.
vendor independent assessments
bring in a smart person or team to evaluate security and provide recommendations
conflict of interest
a personal interest could compromise judgement; a potential partner also does business with your largest competitor
MOA
Memorandum of Agreement. The next step above an MOU; it is legally binding
MSA
Master Service Agreement. legal contract and agreement of terms. future projects will be based on this
WO/SOW
work order/scope of work
specific list of items to be completed. details the scope of the job, location, etc…
BPA
business partners agreement, going into business together
compliance
internal: monitor and report on organizational compliance efforts.
external: documentation required by external or industry regulators
contractual impacts
some business deals may require a minimum compliance level.
attestation and acknowledgement
someone must sign off on formal compliance documentation
privacy legal implications
a constantly evolving set of guidelines.
local/regional-state
national-country
global-countries
GDPR
General Data Protection Regulation. gives data subjects control of their personal data in Europe
data subject
any information relating to an identified or identifiable natural person
data responsibilities
data owner-accountable for specific data