Difference between revisions of "Partner Misuse"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
| + | |||
{| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px" | {| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px" | ||
|- | |- | ||
| − | | '''1.''' | + | | '''1.''' Relationships with external parties are established because an organization requires the services/products from the vendors. These vendors have access to critical devices and classified information. Similar to [[Insider_Threat|insider threats]], vendors may harbor malicious intent and want to use their privileged status to sabotage the organization. |
| + | Related Term: [[The Human Element]] | ||
{{Bcm Institute Source}} | {{Bcm Institute Source}} | ||
| Line 10: | Line 12: | ||
<br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> | <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> <br/> | ||
| − | '''2.''' Doing business today requires trusted relationships with business partners and vendors. Partners can manage critical devices, store or aggregate sensitive data, and/or be provided with remote access into corporate networks. Just as employees may have malicious intentions, vendors and business partners may also leverage legitimate logical or physical access for unsanctioned access to data. Because of this, we consider partner misuse as a lethal data breach scenario. <br/> '''Source:''' (Verizon, 2016) <br/> | + | '''2.''' Doing business today requires trusted relationships with business partners and vendors. Partners can manage critical devices, store or aggregate sensitive data, and/or be provided with remote access into corporate networks. Just as employees may have malicious intentions, vendors and business partners may also leverage legitimate logical or physical access for unsanctioned access to data. Because of this, we consider partner misuse as a lethal data breach scenario.<br/> '''Source:''' (Verizon, 2016)<br/> <br/> '''3.''' Partner misuse involves semi-trusted entities who have some level of enterprise environment access and, either through purposeful maliciousness or inadvertent ineptitude, lead to a breach of that environment.<br/> '''Source:''' (Verizon, 2017) |
| − | <br/> | ||
| − | '''3.''' Partner misuse involves semi-trusted entities who have some level of enterprise environment access and, either through purposeful maliciousness or inadvertent ineptitude, lead to a breach of that environment. <br/> '''Source:''' (Verizon, 2017) | ||
[[Category:BCM Institute Cyber Security Glossary]] | [[Category:BCM Institute Cyber Security Glossary]] | ||
Revision as of 06:38, 31 August 2017
| 1. Relationships with external parties are established because an organization requires the services/products from the vendors. These vendors have access to critical devices and classified information. Similar to insider threats, vendors may harbor malicious intent and want to use their privileged status to sabotage the organization.
Related Term: The Human Element
|
A Manager's Guide to Business Continuity Management for Cyber Security Incident Response (2017) BUY!
2. Doing business today requires trusted relationships with business partners and vendors. Partners can manage critical devices, store or aggregate sensitive data, and/or be provided with remote access into corporate networks. Just as employees may have malicious intentions, vendors and business partners may also leverage legitimate logical or physical access for unsanctioned access to data. Because of this, we consider partner misuse as a lethal data breach scenario.
Source: (Verizon, 2016)
3. Partner misuse involves semi-trusted entities who have some level of enterprise environment access and, either through purposeful maliciousness or inadvertent ineptitude, lead to a breach of that environment.
Source: (Verizon, 2017)
