book

Cybersecurity and Third-Party Risk

Name: Cybersecurity and Third-Party Risk
Author: Gregory C. Rasner
ISBN: 9781119809555

by Gregory C. Rasner

July 2021

Intermediate to advanced

480 pages

9h 38m

English

Wiley

Read now

Unlock full access

Cover
Title Page
Introduction
Who Will Benefit Most from This BookSpecial Features
Chapter 1: What Is the Risk?
The SolarWinds Supply‐Chain AttackThe VGCA Supply‐Chain AttackThe Zyxel Backdoor AttackOther Supply‐Chain AttacksProblem ScopeCompliance Does Not Equal SecurityThird‐Party Breach ExamplesConclusion
Chapter 2: Cybersecurity Basics
Cybersecurity Basics for Third‐Party RiskCybersecurity FrameworksDue Care and Due DiligenceCybercrime and CybersecurityConclusion
Chapter 3: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk
The Pandemic ShutdownSolarWinds Attack UpdateConclusion
Chapter 4: Third‐Party Risk Management
Third‐Party Risk Management FrameworksThe Cybersecurity and Third‐Party Risk Program ManagementKristina Conglomerate (KC) EnterprisesConclusion
Chapter 5: Onboarding Due Diligence
IntakeCybersecurity Third‐Party IntakeConclusion
Chapter 6: Ongoing Due Diligence
Low‐Risk Vendor Ongoing Due DiligenceModerate‐Risk Vendor Ongoing Due DiligenceHigh‐Risk Vendor Ongoing Due Diligence“Too Big to Care”A Note on PhishingIntake and Ongoing Cybersecurity PersonnelRansomware: A History and FutureConclusion
Chapter 7: On‐site Due Diligence
On‐site Security AssessmentOn‐site Due Diligence and the Intake ProcessConclusion

Chapter 8: Continuous Monitoring
What Is Continuous Monitoring?Enhanced Continuous MonitoringThird‐Party Breaches and the Incident ProcessConclusion
Chapter 9: Offboarding
Access to Systems, Data, and FacilitiesConclusion
Chapter 10: Securing the Cloud
Why Is the Cloud So Risky?Conclusion
Chapter 11: Cybersecurity and Legal Protections
Legal Terms and ProtectionsCybersecurity Terms and ConditionsConclusion
Chapter 12: Software Due Diligence
The Secure Software Development LifecycleOn‐Premises SoftwareCloud SoftwareOpen Web Application Security Project ExplainedOpen Source SoftwareMobile SoftwareConclusion
Chapter 13: Network Due Diligence
Third‐Party ConnectionsZero Trust for Third PartiesConclusion
Chapter 14: Offshore Third‐Party Cybersecurity Risk
Onboarding Offshore VendorsCountry RiskKC's Country RiskConclusion
Chapter 15: Transform to Predictive
The DataLevel SetA Mature to Predictive ApproachThe Predictive Approach at KC EnterprisesConclusion
Chapter 16: Conclusion
Index
Copyright
Dedication
(ISC)2®
About the Author
About the Technical Editor
Acknowledgments
Foreword
End User License Agreement

Overview

STRENGTHEN THE WEAKEST LINKS IN YOUR CYBERSECURITY CHAIN

Across the world, the networks of hundreds of different world-class organizations have been breached in a seemingly never-ending stream of attacks that targeted the trusted vendors of major brands. From Target to Equifax, Home Depot, and GM, it seems as if no company is safe from a third-party incident or breach, regardless of size. And the advanced threats are now exploiting the intersection of weaknesses in cybersecurity and third-party risk management.

In Cybersecurity and Third-Party Risk, veteran cybersecurity specialist Gregory Rasner walks readers through how to lock down the vulnerabilities posed to an organization’s network by third parties. You’ll discover how to move beyond a simple checklist and create an active, effective, and continuous system of third-party cybersecurity risk mitigation.

The author discusses how to conduct due diligence on the third parties connected to your company’s networks and how to keep your information about them current and reliable. You’ll learn about the language you need to look for in a third-party data contract whether you’re offshoring or outsourcing data security arrangements.

Perfect for professionals and executives responsible for securing their organizations’ systems against external threats, Cybersecurity and Third-Party Risk is an indispensable resource for all business leaders who seek to:

Understand the fundamentals of third-party risk management
Conduct robust intake and ongoing due diligence
Perform on-site due diligence and close vendor risks
Secure your software supply chain
Utilize cloud and on-premises software securely
Continuously monitor your third-party vendors and prevent breaches

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119809555Purchase Link

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills