Security Improvement in Action 

Security Health Check

Control Weakness Identified

Example: Third-Party Supplier Management

High-Level Domain Risk Description – The risk that an attacker could compromise services provided by a third-party supplier due to the supplier having inadequate security controls in place, resulting in data disclosure, corruption, or service interruption.

In the example below, we use a single security domain from the Risk Reduction Equaliser to demonstrate our improvement approach.

Risk

Based on the control weaknesses identified in the Security Health Check, a detailed risk description is documented and then scored using a risk matrix.

No inventory of suppliers

No profiling to inform inherent risk

Assurance reviews not conducted

Based on these weaknesses, the risk is assessed at:

  • Probability: Likely

  • Impact: High

Security Improvement Plan (SIP)

This consists of three core components to inform your approach:

  1. Activities

  2. Cost

  3. Priority

Extract from Risk Reduction Equaliser

Establish supplier inventory detailing what they do and how they access data.

Calculate suppliers’ inherent risk ‘score’ based on the risk they pose.

Conduct regular security assurance activity based on suppliers’ inherent risk. 

This depicts the Third-Party Supplier Management domain in our Risk Reduction Equaliser. It summarises the current risk position together with proposed financial investment and the corresponding risk-reduction aims.

Deliver

Turning a plan into action brings its own challenges, but we can help you succeed:

Security Consultancy

Bespoke support, from stakeholder management to technical advisors.

Security Resources 

Access our industry-leading network of security practitioners.

Technical Partners

Work with security firms we trust to provide capability and support.
