Domain 1: Security and Risk Management; Security and 3rd Parties Flashcards
What is the goal of vendor governance (or vendor management)?
The goal of vendor governance is to ensure third parties are continually getting sufficient quality from their third-party providers.
Who provides vendor governance?
Often it is provided by professionals within the organization or at the third party, or it can be outsourced. Ultimately, the goal is for the strategic partnerships between the organizations to have the expected outcome.
Why should security be considered during the procurement of products and services from a third party?
While security will certainly not be the only, or the most important, consideration, the earlier security is involved, the greater the chance of a meaningful discussion about security challenges, as well as countermeasures, as a result of the procurement.
What is the risk of linking two corporate networks together and what are some ways of mitigating this risk?
Any security weaknesses exploited in one network could now be a risk for the other network. Ways of mitigating the risk are to do a proper security assessment including penetration testing and packet filtering between the networks.