Supply Chain Security

10 Steps to Cyber Security

Most organisations rely upon suppliers to deliver products, systems, and services. An attack on your suppliers can be just as damaging to you as one that directly targets your own organisation.

Supply chains are often large and complex, and effectively securing the supply chain can be hard because vulnerabilities can be inherent, introduced or exploited at any point within it. The first step is to understand your supply chain, including commodity suppliers such as cloud service providers and those suppliers you hold a bespoke contract with.

Exercising influence where you can, and encouraging continuous improvement, will help improve security across your supply chain.

Requiring your suppliers to meet the requirements of the Cyber Essentials scheme, for example, is a great first step in ensuring they adopt basic best practices in cyber security, which in turn reduces the risk to your organisation.

Securing Your Supply Chain

Paul Crumpton, Partner Services Manager at IASME, joins the 10 Steps to Cyber Security Video Series for a deep dive into Supply Chain Security.

This episode covers:

  • What is Supply Chain Security and why is it so important?
  • Understanding and securing your supply chain
  • Practical advice and implementation tips

Solutions for Supply Chain Security

Vulnerability Assessment

A Vulnerability Assessment is an automated activity that actively scans for possible security vulnerabilities within an internal or external infrastructure (including all systems, network devices and communication equipment connected to that network) that cybercriminals could exploit.

It is conducted against infrastructure IP addresses and produces a report to identify any issues found and allow you to resolve them.

Cyber Essentials

Cyber Essentials is a UK government-backed scheme owned and run by GCHQ. The aim of the scheme is to provide a simple framework for UK businesses to follow to achieve a basic standard of cyber security.

It has two levels of certification: Standard, which is an online self-assessment, and Cyber Essentials Plus, which is an on-site audit of the responses provided by your organisation in the Standard version of the assessment.

Penetration Testing

Penetration Testing is a way to identify vulnerabilities before attackers do, evaluate how effectively you can respond to security threats, assess your compliance with security policies, and improve the level of security awareness amongst your staff.

Expert penetration testers (sometimes known as ethical or white-hat hackers) will run the tests. The penetration test will include a Vulnerability Assessment for an initial sweep of the infrastructure, but the key difference is that the penetration testers will combine the output of the Vulnerability Assessment with their experience and skillset to penetrate further into your network.

They will perform research and reconnaissance, threat analysis and exploitation of the vulnerabilities identified to reveal the full extent of your information security and its weaknesses.

The report from a penetration test provides a detailed list of any threats or vulnerabilities found and our recommended remedial actions. Threats and vulnerabilities are ranked in order of criticality. The report will also contain an executive summary and an attack narrative which will explain the risks in business terms.

Our Vendor Partners

We work alongside the most reputable vendors in cybersecurity to ensure your people can work safely from anywhere.

Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.

Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.

We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.