Physical Validation: Workshop and Summary Flashcards

1
Q

Physical Validation

A

Physical Validation is one of the most important due diligence activities for higher risk vendors as it provides a much higher quality in terms of the scope and confirmation of controls

2
Q

Physical Validation Wrap Up

A

Physical Validation is a best practice, and an expectation, for your higher-risk third parties. This step can help you flush out what is actually happening compared to what their policies say they are doing. Physical validation activities should focus on conversations around risk domains & processes, allow you to physically check evidence of controls, and avoid checklists.

3
Q

Physical Validation Workshop:
Review the scenario below and discuss what sites you would include in an onsite review, as well as what specific questions you would ask:
-Widget Enterprises uses JSC for HR Software
-JSC provides a SaaS Solution that is hosted in AWS
-JSC corporate HQ is in Nashville TN - Most employees are hybrid out of this office
-JSC has a software development shop in Poland
-JSC has a customer support vendor (Nth party) in Philippines
-JSC leverages NIST-CSF for cyber framework
-JSC has undergone a remote assessment previously on intake - there was a finding of inadequate DLP, pending remediation in 3 months
-JSC does not provide any details prior to the physical validation
-Your main contact at JSC is the internal sales manager, the corporate attorney, and the technical engineer

A

Where should you conduct on site?
-Headquarters

Schedule is so important because hybrid means they can still be in person

If you do want to do a physical onsite in other countries, hire a Big 4 firm to do it, as they already have locations there.

What are some initial things they want to ask or set up questions prior to the visit?
-Ask about the ability of resources and contacts.
-This requires planning, thinking ahead, where are they located?

Using offshore facilities?
-Clearly defined scope, making sure vendor clearly understands what is expected.

4
Q

WATCH THESE VIDEOS!

A

Watch Hackers Break Into the US Power Grid
https://www.youtube.com/watch?v=pL9q2lOZ1Fw

TPRA Video
https://www.youtube.com/watch?v=_HLlHjy-cA4

5
Q

Virtual Visit Discussion

A

Dive into the NIST-CSF controls to understand how you can design a conversation-based Physical Validation assessment, rather than a checklist.

NIST-CSF Spreadsheet: https://www.nist.gov/cyberframework/framework
