Quiz: Cyber-risk through 3rd party vendors

1. Which of the following is not considered a third party?

Untitled multiple choice field

Contractors working in your IT team

The vendor engaged to train your team in agile coaching

Business units

Social media agency developing content

2. Which of the following is not a typical vendor security question?

Untitled multiple choice field

Is there a formal process to review user access?

Is expired media securely disposed?

What due diligence is performed on vendors/ contractors?

Where have your employees in the security team worked previously?

3. Why is third party cyber risk important?

Untitled multiple choice field

Potential of a data breach

Potential customer data theft

Potential of data mishandling

All of the above

4. You have narrowed down to 2 choices of a third party vendor to work with. How would you make the selection if you are concerned about security?

Untitled multiple choice field

Choose the vendor with ISO27001 certification to ensure security

Choose the vendor that has done multiple similar projects

Choose the cheaper vendor

Choose the most reputable vendor

5. What should you do if your third party vendor informs you of a breach that has occurred in their systems?

Untitled multiple choice field

Stop working with the vendor immediately

Get your incidence response team to collaborate with the vendor, isolate and stop the breach

Change to using internal processes and disconnect all work with the vendor

Use your own backup of all systems

6. You have shortlisted 3 third party vendors to help with a scope of work that involves critical customer data and shared your company’s Technology & Risk Management (TRM) documentation with them. The vendors are requesting over 3 weeks of time to answer whether or not they comply with everything in your TRM but your project is urgent and you need to select a vendor and get them to start work by this week. What should you do?

Untitled multiple choice field

Skip the TRM process and select the lowest quote

Go with the vendor that has the most experience in similar projects

Choose the most reputable and credible vendor

Go through a phone call with each vendor and ask them whether they comply with the TRM requirements individually

7. What are the most common reasons for third party breaches?

Untitled multiple choice field

Human error

Lack of using a firewall

Insufficient employee training

Vendors taking on unnecessary risk

8. What is an example of privilege misuse?

Untitled multiple choice field

Unauthorised sharing of your organisation’s credentials with a sub-contractor

Using the third party vendor’s existing access to your data to perform required tasks

The third party vendor develops a cross-selling opportunity using your data

The third party vendor planting malicious code in your systems

9. What are the main components of costs in a data breach?

Untitled multiple choice field

Loss of business attributed to the breach

Reputational damage

Engaging a forensic investigator

All of the above

10. Which of the following specify a way of calculating the costs of a data breach?

Untitled multiple choice field

Activity based costing - Identify the activities in an organisation and assign the cost of the activity based on actual consumption of the related products and services

Calculating how much the company would have lost because of the breach

Estimating the loss due to reputational damage

Estimation of opportunity cost