Introduction
This chapter covers the third objective in Domain 5.0, Security Program Management and Oversight, of the CompTIA Security+ exam.
In this chapter, we will explore vendor assessment methodologies, such as penetration testing and internal and external audits, and the inherent risk of having a third party in your supply chain, as well as issues of due diligence and conflicts of interest. Finally, we will review the different types of agreements that an organization might enter into with third-party vendors and the importance of proactive vendor monitoring, including the establishment of clear rules of engagement so that both parties share a common understanding of, and adhere to, the agreed protocols.
This chapter will give you an overview of why third-party risk assessment is vital. This will enable you to answer all exam questions related to these concepts for your certification.
Note
A full breakdown of Exam Objective 5.3 will be provided at the end of the chapter.