Aware IT, Cyber Security Consulting

Supplier Cyber Risk Management

What is it?

 

A lack of cyber security preparedness among your suppliers presents a risk to your business as well as their own. Along with our partner, Secure Forte, we can assess the risk to your organisation that arises from using products and services from your suppliers and/or allowing them access to your business data. Our assessment is based on four components:


  • Examining and classifying which of your data is available to the supplier, and the impact on your organisation of data theft, corruption or service disruption;
  • A general assessment of the supplier's size, reputation, and financial viability;
  • An assessment of the quality of the supplier's services based on relevant controls from the ISO/IEC 9126 software engineering standard; and
  • An assessment of the supplier's internal cyber security controls against the NIST Cyber Security Framework controls.


Why test?


Many businesses rely heavily on third-party suppliers to execute business-critical functions for them. Your suppliers may have access to your sensitive business data and client details, including private information protected by legislation. Routinely assessing the cyber security preparedness of your suppliers should be a key component of your business risk management.

What to assess?


  • Firstly, classify and understand the importance of your business data that the supplier can access.
  • Assess the reliability of the supplier - is it a large profitable company or a small start-up with few financial reserves?
  • Does the supplier have adequate cyber insurance in the event that something does go wrong?
  • What is the jurisdiction of your contract with them - Australian law or somewhere else?
  • Does the supplier have adequate, trained staff to support your needs at the time you need that support?
  • Have their systems been developed securely (recent large data breaches have been the result of poor API security)?



Copyright © 2023 Awareit Pty Ltd - All Rights Reserved.
