1

I'm not very familiar with B2B integrations. No one in our small organization is, but we need to conduct some assessments. How does one assess a B2B integration? It seems like there would be gaps between a risk assessment framework like NIST or ISO and both the technical and non-technical elements of an integration.

1 Answer

1

You conduct a B2B integration risk assessment the same way you generally do any other risk assessment. What are the risks of connecting your enterprise system with another business' enterprise system? What do you allow them to do in your system? Do you restrict them from accessing systems they shouldn't with ACLs? Do you make sure there are no shared accounts they use to interact with your system? Do you log all of the activity they do within your network? All of the things a framework like NIST does for your entire enterprise can be pointed at that connection with the other business.

Ryan Kelso