Third-party Vendor Risks Flashcards
What are Third-party Vendor Risks?
Potential security and operational challenges from external collaborators; encompasses vendors, suppliers, or service providers.
What are common Threat Vectors?
Paths attackers use to gain access.
Define Attack Surfaces.
Points where an unauthorized user can try to enter.
What are Hardware Vulnerabilities?
Components with vulnerabilities.
What are Software Vulnerabilities?
Applications with hidden backdoors.
What are Operational Vulnerabilities?
Lack of cybersecurity protocols.
What is a Vendor Assessment?
Process to evaluate the security, reliability, and performance of external entities.
What does Penetration Testing involve?
Simulated cyberattacks to identify vulnerabilities in supplier systems.
What is the Right-to-Audit Clause?
Contract provision allowing organizations to evaluate a vendor's internal processes for compliance.
What does Vendor Selection entail?
A meticulous selection process to evaluate potential vendors.
What is the importance of Vendor Monitoring?
Ensures that the chosen vendor still aligns with organizational needs and standards.
What is a Service Level Agreement (SLA)?
Defines the standard of service a client can expect from a provider.
Fill in the blank: A ______ is a less binding agreement expressing mutual intent.
Memorandum of Understanding (MOU)
What is a Master Service Agreement (MSA)?
Covers general terms of engagement across multiple transactions.
What does a Statement of Work (SOW) specify?
Project details, deliverables, timelines, and milestones.
What is a Non-Disclosure Agreement (NDA)?
Ensures confidentiality of sensitive information shared during negotiations.
What are Supply Chain Attacks?
An attack that targets a weaker link in the supply chain to gain access to a primary target.
What is the CHIPS Act of 2022?
U.S. federal statute providing funding to boost semiconductor research and manufacturing in the U.S.
What are Trusted foundry programs?
Ensure secure manufacturing.
What is the risk associated with Secondary/Aftermarket Sources?
Risk of acquiring counterfeit or tampered devices.
What should be evaluated when selecting Service Providers/MSPs?
Data security measures, confidentiality and integrity, cybersecurity protocols.
What does Vendor Due Diligence involve?
Rigorous evaluation of vendor cybersecurity and supply chain practices.
What are Vendor Questionnaires?
Comprehensive documents filled out by potential vendors to provide insights into operations and compliance.
What is an Independent Assessment?
Evaluations conducted by third-party entities without a stake in the organization or vendor.
What are the main components of the Vendor Selection Process?
- Evaluating financial stability
- Operational history
- Client testimonials
What is the purpose of Rules of Engagement?
Guidelines for interaction between an organization and its vendors.
True or False: The Vendor Assessment process is crucial due to interconnectivity and potential impact on multiple businesses.
True
What is the primary focus of Supply Chain Analysis?
Assessment of an entire vendor supply chain for security and reliability.