Chapter 2: Cybersecurity Basics

This book does not require the reader to be either a risk expert or a cybersecurity expert. However, because it discusses terminology and processes for some cybersecurity topics, some time spent on the terminology and the subject matter is warranted.

Cybersecurity has three main pillars: Confidentiality, Integrity and Availability (CIA):

  • Confidentiality: Prescribes that only authorized users and systems should be able to access or modify data.
  • Integrity: Data should be maintained in a correct state and cannot be improperly modified.
  • Availability: Authorized users should be able to access data when needed.

This is called the CIA Triad, as shown in Figure 2.1.

FIGURE 2.1 The CIA Triad

These pillars are designed to break down the complexities of cybersecurity to determine how to best make decisions. For example:

  • Does the vendor store our data in ways that make it more secure?
  • Will this product ensure the integrity of our data in the cloud?
  • Can the vendor ensure that the data will be available when required to those who need it?

Because this book is mainly focused on third parties, references will be aligned with that focus in mind. It is not about what security your organization is performing, but what is going on at the third party, both with the specific services they provide and also how they secure their own enterprise. We include several ...

Get Cybersecurity and Third-Party Risk now with the O’Reilly learning platform.