Questions and Answers
What type of vendors may a company work with?
Why is it important to understand the risk associated with providing data to a third party?
What is a recommended practice when working with third-party vendors?
What can be a useful practice when contracting with a third-party vendor?
What happened to Target in 2013?
What is a common scenario when working with cloud services?
What was the primary source of the malware infection that affected Target's network?
What was the main consequence of the malware infection on Target's network?
What is the primary concern related to third-party vendors in the supply chain?
What is the benefit of performing an assessment of the supply chain?
What was the result of the software update provided by SolarWinds in 2020?
How many companies were infected as a result of the SolarWinds breach?
What is the primary concern when working with a business partner that has a direct network connection?
What is the recommended way to transfer data between business partners?
What is the purpose of having policies in place for handling risks with business partners?
What is the benefit of understanding how intellectual property should be handled between business partners?
What is the purpose of a service level agreement (SLA)?
What is the purpose of a Memorandum Of Understanding (MOU)?
What is the purpose of a Measurement System Analysis (MSA)?
What is the purpose of a Business Partnership Agreement (BPA)?
What is the purpose of a nondisclosure agreement (NDA)?
What is the difference between a unilateral and a bilateral nondisclosure agreement?
What happens when a manufacturer announces the end of life (EOL) for a product?
What is the difference between the end of life (EOL) and end of service life (EOSL) for a product?
Why is it important to understand the end of life (EOL) for a product?
What is the purpose of including a firewall or filter between two networks?
Study Notes
Third-Party Vendors and Security Concerns
- When working with third-party vendors, data sharing is inevitable, and it's essential to understand the risk associated with providing data to a third party.
- Categorize the risk for each vendor and have security policies and procedures in place to protect against the highest-risk vendors.
- Include security requirements in the initial contract to ensure everyone understands the requirements.
Third-Party Vendor Risks: Target Corporation Example
- In 2013, Target Corporation suffered a massive breach due to a third-party HVAC vendor's lack of security measures.
- The vendor's malware-infected email attachment led to the infection of Target's point-of-sale terminals, resulting in the theft of over 110 million credit card numbers.
- This incident highlights the importance of evaluating the security measures of third-party vendors.
Supply Chain Security Concerns
- The supply chain involves multiple organizations, people, and resources, making it challenging to understand the security methods in place.
- Assess the supply chain to identify security risks and improve the process.
- Evaluate the IT systems supporting the supply chain and document changes as needed.
Supply Chain Breach Example: SolarWinds
- In 2020, a software update from a network management provider installed malware onto customers' systems, affecting at least 18,000 companies.
- The malware was digitally signed with the provider's certificate, making it trusted by customers.
- This breach emphasizes the importance of evaluating the security measures in the supply chain.
Business Partners and Security Concerns
- When working with business partners, there may be direct network connections between organizations, creating significant security concerns.
- Implement policies to handle risks, such as building an IPsec connection and monitoring for malicious activity.
- Configure firewalls or filters to manage traffic between networks.
Agreements with Third Parties
- Service Level Agreements (SLAs) set minimum service terms for specific services or products.
- Memorandums of Understanding (MOUs) outline expectations and requirements between organizations.
- Measurement System Analysis (MSA) evaluates and assesses the quality of measurement systems.
- Business Partnership Agreements (BPAs) detail ownership stakes, financial agreements, and decision-making processes.
- Nondisclosure Agreements (NDAs) ensure confidentiality between parties sharing sensitive information.
End of Life and End of Service Life
- Understand when a product's end of life and end of service life might be, as manufacturers may stop selling and supporting products.
- Plan for security patches and updates when a product reaches its end of life and end of service life.
Description
This quiz explores the importance of data sharing in third-party vendor relationships, including payroll, email marketing, travel, and raw materials.