Risk and Third-Party Management Word Search
Hard
Find each risk or third-party concept hidden in the grid.
C X O Z A O L H F Z I Z A A H
F D L U R P J M A B P C L C R
K B O R E E Q V R V P X S C A
E A O M F D C T E G S L P E Z
A A E T S P T N I N T X K P V
U P R T N G A C A Y D Z B T T
H O G C A G B K A I S O J A B
I T Z M R Q U I C R L Z R N D
G E S D T R I S K B T P G C Z
A L M I T I G A T I O N M E S
E B T N E M S S E S S A O O G
N A D O N G C E I F J T Z C C
C T L U L A U D I S E R G M Y
S M Q C Y N S V D S M X M O O
K T E L N C I N H E R E N T T
Terms in this set
- Risk: The likelihood and impact of a threat exploiting a vulnerability against an asset.
- Assessment: A point-in-time review of controls, risks, or vulnerabilities to inform improvement.
- Vendor: A third party providing goods or services — and a third-party risk that must be managed.
- Contract: The agreement that binds vendor security obligations — DPAs, BAAs, MSAs, NDAs.
- SLA: Service Level Agreement — measurable commitments for performance, uptime, and incident response.
- Tabletop: A discussion-based exercise that walks responders through an incident scenario.
- Compliance: Conforming to laws, regulations, contractual terms, and internal policy.
- Inherent: The level of risk before any controls are applied.
- Residual: The level of risk remaining after controls are applied.
- Mitigation: Reducing risk by applying controls — the most common risk response.
- Transfer: Shifting risk to a third party — typically via insurance or outsourcing.
- Acceptance: Choosing to live with a risk because mitigation costs more than the impact.