top of page
Security Assessment Morse.png

Security Improvement in Action 

Process Icon

Security Health Check

Control Weakness Identified

Icon

Example: Third-Party Supplier Management

 

High-Level Domain Risk Description – The risk that an attacker could compromise services provided by a third-party supplier due to the supplier having inadequate security controls in place, resulting in data disclosure, corruption, or service interruption.

In the example below, we use a single security domain from the Risk Reduction Equaliser to demonstrate our improvement approach.

Health Check Icon
Circle Icon
Define Icon
Circle Icon

Risk

Based on the control weaknesses identified in the Security Health Check, a detailed risk description is documented and then scored using a risk matrix.

Risk Description

No inventory of suppliers

No profiling to inform

inherent risk

Assurance reviews not 

conducted

Based on weaknesses risk assessed at:

 

  • Probability Likely

  • Impact High

Risk Matrix Graphic

Security Improvement Plan (SIP)

This consists of three core components to inform your approach:

  1. Activities

  2. Cost

  3. Priority

Extract from Risk Reduction Equaliser

Improvement Plan Graphic

Establish supplier inventory detailing what they do and how they access data.

Calculate suppliers’ inherent risk ‘score’ based on the  risk they pose.

Conduct regular security assurance activity based on suppliers’ inherent risk. 

SIP Icon
Circle Icon
Risk Reduction Equaliser Graphic

This depicts the Third-Party Supplier Management domain in our Risk Reduction Equaliser. It summarises the current risk position together with proposed financial investment and the corresponding risk-reduction aims.

Deliver Icon
Circle Icon

Deliver

Turning a plan into action brings its own challenges, but we can help you succeed:

Security Consultancy

Bespoke support, from stakeholder management to technical advice.

i-confidential Security Consultancy Offering Logo
i-confidential Security Resources Offering Logo

Security Resources 

Access our industry-leading network of security practitioners.

Security Assessment Morse.png

View Our

Case Studies

i-confidential Security Health Check Offering Logo
bottom of page