IT Management: Managing Supply Chain and Vendors

Question 1

When evaluating new vendor, what would be the most appropriate minimum security standard for business to require of possible vendors?

Answer 1

compliance with the vendor’s own policies

Question 2

What is VMS?

Answer 2

• vendor management system
• software solution that assists with the management and procurement of staffing services, hardware, software, and other needed products and services
• offer ordering convenience, order distribution, order training, consolidated billing, and more

Question 3

What is the primary place where the minimum-security requirements for a third party should be documented?

Answer 3

contract or service-level agreement (SLA) established with that vendor

Question 4

What’s Supply Chain Risk Management (SCRM)?

Answer 4

means to ensure that all the vendors or links in the supply chain are reliable, trustworthy, reputable organizations that disclose their practices and security requirements to their business partners

Question 5

What’s third-party governance?

Answer 5

system of external entity oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements

Question 6

What’s Documentation review?

Answer 6

process of reading the exchanged materials and verifying them against standards and expectations

Question 7

Who has the discretion to determine which breaches or security changes result in a loss of Authorization to Operate (ATO)?

Answer 7

Authorizing Official (AO)

Question 8

What are the four types of ATOs?

Answer 8

• authorization to operate
• common control authorization
• authorization to use
• denial of authorization