Vendor Security Transcription

Welcome to our Vendor, Consultant and Contractor Security module. It is very important that you properly manage your relationships with third-party individuals, such as service providers and outsourcing providers, and when you're dealing with merged businesses, or acquired organizations where two businesses become one, or partnerships where two different organizations are working together for a certain period of time.

You need to be aware of downstream liability or shared liability where your company can be responsible, and have to pay damages for something that one of your partners or contractors is responsible for. We have to be aware of many interactions that may exist, and manage these interactions. With our information systems, we have an interaction between hardware, firmware and software and we need to make sure that we can secure these systems properly in all of those areas.

We also have to manage our supply chain when we're dealing with outsourcing to other companies, contracting with individuals or companies, offshoring, and accepting services from other countries. It's important to make sure that we're managing our risks appropriately. And we need to make sure that we use service level agreements, or SLAs, to ensure that we're able to accomplish our goals.

A lot of times, when you're dealing with outside organizations, things will be outside of your direct control. This is true when dealing with systems integrators, service providers and suppliers. Whenever you're dealing with foreign countries, it is important to be familiar with international laws and regulations, and with doing business in those countries.

And it is also important to be aware of the difficulties that may occur with enforcing contracts and service level agreements in different countries. If you are going to use contractors, you should make sure that you have controls in place to meet your due diligence requirements and the requirements of your organization in order to increase efficiency, and save money without adding extra risk.

It is very important to exercise due care when selecting third-party individuals, because you could be liable for the actions of these individuals. Offshoring is known as international outsourcing, and it can include complications when dealing with other countries. You need to make sure that you are complying with the rules and regulations of your industry even if there are other countries involved.

But also be aware that certain laws like HIPAA are not applicable in other countries. So these countries may not be used to that type of compliance. Whenever you're dealing with third-party services, it is very important to manage your information security risks, especially when you're exchanging or storing proprietary or confidential information.

You should make sure that you have contractor controls in place to ensure that your contractors are working within your required guidelines. You should perform on-site assessments and test for compliance at the contractor's facilities, and you should have tools and forms in place to perform short-term assessments, as well as long-term assessments.

You should have a process for exchanging documents with your contractors to make sure that all of the information is complete, accurate, and truthful. And you should verify that contractors only have access to information that they are permitted to access. You should also make sure that you have an independent audit done at your contractor's facility, to make sure that they are complying with the contract, and that their facility is appropriate for the level of security needed in your organization.

You should make sure that, in the contract with the individual contractor or the service provider, you have the ability to go to their facility and conduct an audit. It is important to make sure that you manage the risk in your supply chain. You should make sure that you have security in place with your contracts and in your procurement process.

Make sure that all of your outsourcing agreements are reviewed for security clauses. And there should be penalties in place for the contractors that do not perform appropriately. Whenever you're purchasing hardware or software or a service from a third-party provider, you should always make sure that the providers are able to maintain the confidentiality, integrity, and availability of your data and your systems.

When you are considering acquiring another company, you should be familiar with the risks that could occur during this process. When you are combining two different companies' hardware, software, and services, you must make sure that the security in place on the new company's equipment is appropriate. You should consider using Common Criteria or approved product lists to determine whether or not their items are appropriate for your environment.

You should use third-party on-site assessments and monitoring, as well as document exchange and review procedures, and review of the policies and the procedures of the new company. And if they are out of date or not appropriate, you should make sure that they match the policies in your organization.

You should provide a set of minimum security standards with metrics that can be easily measured and monitored, and also require a timely improvement if their security policies are not up to standards. You should also have requirements in place to make sure that performance levels are being met and that, if they are not, these issues are resolved quickly.

This concludes our vendor, consultant, and contractor security module. Thank you for watching.
