Section 10.90 Third-party Vendor Risks & Supply Chain Risks Flashcards
Objectives 2.2 Explain common threat vectors and attack surfaces. Objectives 2.3 Explain various types of vulnerabilities. Objectives 5.3 Explain the processes associated with third-party risk assessment and management.
Third-party Vendor Risks
Potential security and operational challenges introduced by external collaborators, e.g. vendors, suppliers or service providers.
Risk: Impact on integrity, data security, and overall business continuity
Supply Chain Risks 1
Hardware Manufacturers
Products like routers and switches are composed of many components from various suppliers
Rigorous supply chain assessments needed to trace origins and component integrity
Component tampering or untrustworthy vendors can introduce vulnerabilities
Hardware Manufacturers: Secondary/Aftermarket Sources
Risk of acquiring counterfeit or tampered devices
Budget-friendly but high-risk option
Devices may contain malware or vulnerabilities
Supply Chain Risks 2
Software Developers/Providers
Check for proper licensing, authenticity, known vulnerabilities, and malware
Proprietary software can be scanned for known vulnerabilities and malware, but its source code is not available for review
Open-source software additionally allows direct source code review
Software developers and software providers are integral cogs in the supply chain; however, any software they deliver can introduce vulnerabilities
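The licensing, authenticity and known-vulnerability checks listed above can be automated at package intake. The following is an added example, not code from the flashcards or from any vendor: it recomputes the SHA-256 of a downloaded artifact and compares it with the digest the vendor published out-of-band, then matches the components in the package's CycloneDX-style SBOM against an advisory list and flags components that declare no licence. The artifact bytes, the SBOM, the component names and the advisory identifiers are all constructed for the demo and are hypothetical.

```python
"""Added example (not from the flashcards): automated intake checks for a
third-party software package. Every input below (artifact bytes, published
digest, SBOM, advisory list) is constructed for the demo and hypothetical."""
import hashlib
import hmac
import json

# Constructed "downloaded artifact". The published digest is computed here
# only so the demo runs offline; in practice it comes from the vendor's
# signed release page or checksum file, never from the download itself.
ARTIFACT = b"vendor-agent-2.4.1 release bytes (constructed)"
PUBLISHED_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

# Constructed CycloneDX-style SBOM shipped with the package (hypothetical).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "libexample", "version": "1.2.3",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"name": "parsekit", "version": "0.9.4",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"name": "leftpad-ng", "version": "0.3.0", "licenses": []},
    ],
})

# Constructed advisory feed (hypothetical IDs, not real CVEs).
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "component": "libexample",
     "introduced": "1.0.0", "fixed_in": "1.2.5"},
    {"id": "EXAMPLE-2024-0002", "component": "parsekit",
     "introduced": "0.9.0", "fixed_in": "0.9.4"},
]


def verify_artifact(data: bytes, published_sha256: str) -> bool:
    """Authenticity check: recompute SHA-256 over the downloaded bytes and
    compare it with the vendor-published digest. compare_digest is used so
    the comparison does not leak the mismatch position through timing."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, published_sha256.lower())


def parse_version(version: str) -> tuple:
    """Turn a dotted numeric version string ('1.2.5') into a comparable tuple."""
    return tuple(int(part) for part in version.split("."))


def find_vulnerable(sbom_json: str, advisories: list) -> list:
    """Known-vulnerability check: a component is affected by an advisory when
    introduced <= version < fixed_in. Returns (name, version, advisory id)."""
    sbom = json.loads(sbom_json)
    hits = []
    for comp in sbom.get("components", []):
        ver = parse_version(comp["version"])
        for adv in advisories:
            if adv["component"] != comp["name"]:
                continue
            if parse_version(adv["introduced"]) <= ver < parse_version(adv["fixed_in"]):
                hits.append((comp["name"], comp["version"], adv["id"]))
    return hits


def find_unlicensed(sbom_json: str) -> list:
    """Licensing check: components with no declared licence need manual review."""
    sbom = json.loads(sbom_json)
    return [c["name"] for c in sbom.get("components", []) if not c.get("licenses")]


def intake_report(data: bytes, published_sha256: str,
                  sbom_json: str, advisories: list) -> dict:
    """Run all checks. If the artifact fails authenticity, the SBOM that came
    with it cannot be trusted either, so the remaining checks are skipped."""
    authentic = verify_artifact(data, published_sha256)
    vulnerable = find_vulnerable(sbom_json, advisories) if authentic else []
    unlicensed = find_unlicensed(sbom_json) if authentic else []
    return {
        "authentic": authentic,
        "vulnerable": vulnerable,
        "unlicensed": unlicensed,
        "accept": authentic and not vulnerable and not unlicensed,
    }


if __name__ == "__main__":
    print(json.dumps(intake_report(ARTIFACT, PUBLISHED_SHA256,
                                   SBOM_JSON, ADVISORIES), indent=2))
```

With the constructed inputs the artifact verifies, but the package is rejected because libexample 1.2.3 falls inside the affected range of the hypothetical advisory and leftpad-ng declares no licence; parsekit 0.9.4 is exactly the fixed version and is not flagged. A tampered artifact fails the digest comparison before any SBOM content is consulted.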
Supply Chain Risks 3
Service Providers/MSPs
Organisations that provide a range of technology services and support to businesses and other clients
● Data confidentiality and integrity concerns
● Assess provider’s cybersecurity protocols and support for security incidents
Third-party Vendor Considerations
● Evaluate data security measures
● Ensure confidentiality and integrity
● Assess cybersecurity protocols
● Response to a security breach