Third-party Vendor Risks Flashcards
Supply Chain Attack
targeting a weaker link to gain access to the primary target
Managed Service Providers
provides a range of technology services and support to businesses/clients (Microsoft Office)
CHIPS Act
US federal statute that provides money for funding research and manufacturing of semiconductors in the USA
Vendor Assessment
process that orgs use to evaluate the security, reliability, and performance of external entities
Vendor Assessment Targets (S MSP V)
Suppliers, Managed Service Providers, Vendors
Penetration Testing
simulated cyberattack against the supplier's system to check for vulnerabilities
Internal Audit
vendor’s self-assessment where they evaluate their own practices against industry standards
Independent Assessment
evaluation conducted by third-party entities that have no stake in the circle
Vendor Questionnaire
documents that potential vendors fill out
Rule of Engagement
guidelines that dictate the terms of interaction between vendor and organizations
Feedback Loops
the two-way communication between vendor and org
Basic Contracts
establishes the relationship of two parties
Service Level Agreement (SLA)
standard of a service a client can expect from a provider
Memorandum of Agreement (MOA)
formal and outlines the specific responsibilities and roles of the involved
Memorandum of Understanding (MOU)
less binding and more of a declaration of intent
Master Service Agreement (MSA)
blanket agreement that covers the general terms of engagement between parties across multiple transactions
Statement of Work
used to specify details for a particular project
Business Partnership Agreement
two entities decide to pool their resources