5.3 - CompTIA Security+


17 Terms

1. Penetration testing

A simulated cyber attack against an organization's systems or networks to identify vulnerabilities that could be exploited by attackers.

2. Right-to-audit clause

A contractual provision that grants an organization the authority to conduct audits or assessments of vendor operational practices, information systems, and security controls.

3. Evidence of internal audits

Evidence that the vendor has internal audit practices, which provide an independent and objective evaluation of internal controls and risk management practices.

4. Independent assessments

Engaging with independent experts to evaluate and verify vendor capabilities, security, and compliance practices.

5. Supply chain analysis

Evaluating the security posture and risk management practices of all entities involved in the production and delivery of goods.

6. Due diligence

A legal principle that a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system, or investigating vendors.

7. Conflict of interest

Occurs when an individual or organization has competing interests or obligations that could compromise their ability to act objectively or impartially.

8. Service-level agreement (SLA)

A legally binding agreement that sets the service requirements and expectations between a consumer and a provider.

9. Memorandum of agreement (MOA)

A legal document forming the basis for two parties to cooperate without a formal contract, which can be legally binding depending on terms.

10. Memorandum of understanding (MOU)

A nonbinding agreement outlining intentions, shared goals, and general terms of cooperation between parties.

11. Master service agreement (MSA)

A legally binding contract that establishes precedence and guidelines for any business documents executed between two parties.

12. Work order (WO)/statement of work (SOW)

A legally binding document that defines the expectations, scope, and deliverables for a specific business arrangement.

13. Non-disclosure agreement (NDA)

A legally binding document that ensures the confidentiality and protection of sensitive information shared during the relationship.

14. Business partners agreement (BPA)

An agreement by two companies to work together closely, such as partner agreements between large IT companies and resellers.

15. Vendor monitoring

The process of continuously overseeing and evaluating vendors to ensure adherence to security standards and compliance requirements.

16. Questionnaires

Structured means of obtaining consistent information in vendor management, enabling more effective risk analysis and comparison.

17. Rules of Engagement (RoE)

A definition of how a pen test will be executed, providing guidelines for the pen tester regarding permissions and constraints.