An attack that involves targeting a weaker link in the supply chain to gain access to a primary target
Supply Chain Attack
U.S. federal statute that provides roughly $280 billion in new funding to boost research and manufacturing of semiconductors inside the U.S.
Chips Act
Essential components in a wide range of products, from smartphones and cars to medical devices and defense systems
Semiconductors
Organizations that provide a range of technology services and support to businesses and other clients
Managed Service Providers
Process that organizations implement to evaluate the security, reliability, and performance of external entities
Vendor Assessment
Businesses or individuals that provide goods and services to an organization
Vendors
Individuals involved in the production and delivery of products or parts of products
Suppliers
Individuals hired by companies to manage IT services on behalf of an organization
Managed Service Providers
Simulated cyberattack against the supplier’s system to check for exploitable vulnerabilities
Penetration Testing
Vendor’s self-assessment, where they evaluate their own practices against industry standards or organizational requirements
Internal Audit
Evaluation conducted by third-party entities that have no stake in the organization’s or vendor’s operations
Independent Assessment
Used to dive deep into a vendor’s entire supply chain and assess the security and reliability
Supply Chain Analysis
Arise when personal or financial relationships could potentially cloud the judgment of individuals involved in vendor selection
Conflict of Interest
Comprehensive documents that potential vendors fill out to offer insights into the operations, capabilities, and compliance
Vendor Questionnaires
Guidelines that dictate the terms of interaction between an organization and its potential vendors
Rules of Engagement
Mechanism to ensure that the chosen vendor still aligns with the organizational needs and standards
Monitoring
Involves a two-way communication channel where both the organization and the vendor share feedback
Feedback Loops
A versatile tool that formally establishes a relationship between two parties
Basic Contract
The standard of service a client can expect from a provider
Service-Level Agreement (SLA)
Formal and outlines the specific responsibilities and roles of the involved parties
MOA
Less binding and more of a declaration of mutual intent
MOU
Blanket agreement that covers the general terms of engagement between parties across multiple transactions
Master Service Agreement (MSA)
Used to specify details for a particular project
SOW