Vendor Risk Assessment Matrix

If you’re looking to effectively manage supply chain security risks, this is your essential tool. It categorizes vendors into low, medium, and high risk using a simple triaging process, guiding the assessment frequency and method. It covers various assessment types, including self-attestation, third-party assessments, OSINT/scoring, technical assessments, validated assessments, and onsite evaluations. It highlights key considerations such as data confidence, assessment constraints, and vendor participation, providing a comprehensive framework for effective vendor risk management.

This cheat sheet supports the content taught in SEC547 Defending Product Supply Chains and was created by Tony Turner.

August 6, 2024

Login to download

Vendor Risk Assessment Matrix

Related Content

Coolest Careers Poster

SANSがおすすめするサイバーセキュリティの仕事20選: ブルーチーマー - オールラウンドなディフェンダー

ブルーチーマー - オールラウンドなディフェンダーの主な業務や、スキルアップのためのSANSのおすすめのコースを紹介します！

Coolest Careers Poster

SANSがおすすめするサイバーセキュリティの仕事20選: 最高情報セキュリティ責任者（CISO）

最高情報セキュリティ責任者（CISO）の主な業務や、スキルアップのためのSANSのおすすめのコースを紹介します！

5 Advantages of Taking Your Next Blue Team Course via SANS OnDemand

There’s a lot going on in the world right now, but one thing that many experts seem to agree on is that now is the time for the cybersecurity community to be vigilant. Attacks are on the rise and it’s never been more important to keep your skills sharp and ready to defend.If you’re a cyber defender...