Questions and Answers
What should a company do to protect against the highest risk vendors?
- Have security policies and procedures in place (correct)
- Avoid working with any third-party vendors
- Share all data openly with third parties
- Only work with cloud services
Why is it important to categorize the risk associated with providing data to third party vendors?
- To avoid sharing any data with third parties
- To determine the price of the services
- To identify the highest risk vendors (correct)
- To increase data sharing with third parties
What happened in November of 2013 involving Target and a third party vendor?
- Target refused to work with any third party vendors
- An enormous breach to the network was caused by a security policy breach (correct)
- All vendors followed security policies strictly
- An increase in sales occurred due to effective vendor management
Why is it important to have a list of security requirements in the original contract with a third party vendor?
What is almost required when working with a cloud service?
What kind of data is shared with third party vendors in business relationships?
What type of agreement sets a minimum set of service terms for a particular service or product when working with a third party?
Which document acts as an informal letter of intent between two parties and may contain confidential information related to a particular business process?
What type of agreement creates confidentiality between parties to prevent the disclosure of shared information to others?
Which evaluation assesses the quality of the measurement process used in a company's measurement systems?
What agreement provides details about ownership stakes, financial agreements, and decision-making in a business partnership?
When does a manufacturer stop selling and supporting a product?
Which type of agreement is an informal letter of intent that may not have the same binding qualities as a contract?
How did the malware initially infect the Target network?
What was a consequence of the malware infecting the Target network?
Why is it important to assess security risks in the supply chain?
How did SolarWinds customers unknowingly install malware onto their systems?
What made customers trust the malware-infected software update from SolarWinds?
What can be a potential security concern between a business partner's network and your corporate network?
Why might an IPsec connection between corporations pose a risk?
Why is it important for a company to categorize the risk associated with providing data to third party vendors?
What is a crucial step in protecting against potential security breaches when working with third party vendors?
What role does the original contract play in maintaining security standards with third party vendors?
In what situation would a company not be as vulnerable to data breaches when working with third party vendors?
What potential consequence could arise if a company fails to categorize the risk associated with sharing data with third party vendors?
How can having a list of security requirements in the original contract benefit a company working with third party vendors?
What document provides a way for a company to evaluate and assess the quality of the process used in their measurement systems?
What was the initial infection vector for the malware that affected the Target network?
In a business partnership, which agreement provides information about ownership stakes, financial agreements, and decision-making processes?
Why did the malware manage to spread from the HVAC vendor to the Target servers?
Which type of agreement is an informal understanding between two parties that may contain confidential information regarding a specific business process?
What allowed attackers to gain access to over 110 million credit card numbers in the Target breach?
When working with third parties, what provides a minimum set of service terms for a particular service or product?
What is a potential consequence of not assessing security risks in the supply chain?
What is a common way to manage exactly what type of traffic can be transferred between two networks when in a business partnership?
Why did SolarWinds customers unknowingly install malware onto their systems?
In the context of confidentiality between parties, which agreement creates privacy between them to avoid disclosing shared information?
How did attackers compromise thousands of networks through SolarWinds?
When planning to go into business with a third party, what might be used as an informal letter of intent regarding specific business processes?
What poses a significant security concern in a direct network connection between a corporate network and a business partner's network?
What type of agreement may not have the binding qualities of a full contract but informs parties of expectations?
Why is it crucial to monitor data transfer between corporate and business partner networks?
When working with third parties, what kind of agreement might set a minimum level of service for internet access?
What is one crucial step in handling risks associated with a direct network connection between corporate and business partner networks?
What is used to assess the quality of the process in the measurement systems within a company?
Why should policies be established for secure data transfer between corporate and business partner networks?