Vulnerabilities Flashcards
What are four examples of Weak Configurations?
1) Default Configuration
2) Having weak or no encryption
3) Unsecure Protocols
4) Having open permissions
- Everyone permissions
What are some of the risks associated with third parties?
1) Intellectual property theft
2) Identity/credential theft
3) Network intrusion
4) Reputation damage
5) Vendor support
6) Data
- Storage
- Whose jurisdiction is the data in if it is in the cloud
- Loss/Leakage
- Theft
What are some possible issues with working with a third-party vendor?
1) Vendor reputation
2) Lack of visibility
3) Compliance risk
What are some possible benefits of working with a third-party vendor?
1) Vendor screen
2) Documentation
- Transference of risk
3) Risk management
4) Compliance monitoring
Give examples of system integration with third parties.
1) Social media
- Facebook, Twitter, Instagram
2) Delivery system
- UPS, USPS, DHL, FedEx
3) Payment systems
- PayPal, Apple Pay, Google Wallet
What are some common challenges with outsourced code when dealing with a third party?
1) Code quality/protection
2) Compliance risk
3) Non-disclosure agreements
4) SDLC issues
- Software development lifecycle
What are some common vulnerabilities?
1) Patch management
- Firmware, OS, Application
2) Legacy systems
- Lack of vendor support
- Lack of patching
- Lack of security support
3) Zero-day
- Most vulnerable, no vendor awareness, and no patches