Cybersecurity and Third-Party Risk

Book description

STRENGTHEN THE WEAKEST LINKS IN YOUR CYBERSECURITY CHAIN

Across the world, the networks of hundreds of world-class organizations have been breached in a seemingly never-ending stream of attacks that targeted the trusted vendors of major brands. From Target to Equifax, Home Depot, and GM, it seems as if no company, regardless of size, is safe from a third-party incident or breach. Advanced threats now exploit the intersection of weaknesses in cybersecurity and third-party risk management.

In Cybersecurity and Third-Party Risk, veteran cybersecurity specialist Gregory Rasner walks readers through how to lock down the vulnerabilities that third parties introduce into an organization’s network. You’ll discover how to move beyond a simple checklist and create an active, effective, and continuous system of third-party cybersecurity risk mitigation.

The author discusses how to conduct due diligence on the third parties connected to your company’s networks and how to keep your information about them current and reliable. You’ll learn what language to look for in a third-party data contract, whether you’re offshoring or outsourcing data security arrangements.

Perfect for professionals and executives responsible for securing their organizations’ systems against external threats, Cybersecurity and Third-Party Risk is an indispensable resource for all business leaders who seek to:

  • Understand the fundamentals of third-party risk management
  • Conduct robust intake and ongoing due diligence
  • Perform on-site due diligence and close vendor risks
  • Secure your software supply chain
  • Utilize cloud and on-premises software securely
  • Continuously monitor your third-party vendors and prevent breaches

Table of contents

  1. Cover
  2. Title Page
  3. Introduction
    1. Who Will Benefit Most from This Book
    2. Special Features
  4. Chapter 1: What Is the Risk?
    1. The SolarWinds Supply‐Chain Attack
    2. The VGCA Supply‐Chain Attack
    3. The Zyxel Backdoor Attack
    4. Other Supply‐Chain Attacks
    5. Problem Scope
    6. Compliance Does Not Equal Security
    7. Third‐Party Breach Examples
    8. Conclusion
  5. Chapter 2: Cybersecurity Basics
    1. Cybersecurity Basics for Third‐Party Risk
    2. Cybersecurity Frameworks
    3. Due Care and Due Diligence
    4. Cybercrime and Cybersecurity
    5. Conclusion
  6. Chapter 3: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk
    1. The Pandemic Shutdown
    2. SolarWinds Attack Update
    3. Conclusion
  7. Chapter 4: Third‐Party Risk Management
    1. Third‐Party Risk Management Frameworks
    2. The Cybersecurity and Third‐Party Risk Program Management
    3. Kristina Conglomerate (KC) Enterprises
    4. Conclusion
  8. Chapter 5: Onboarding Due Diligence
    1. Intake
    2. Cybersecurity Third‐Party Intake
    3. Conclusion
  9. Chapter 6: Ongoing Due Diligence
    1. Low‐Risk Vendor Ongoing Due Diligence
    2. Moderate‐Risk Vendor Ongoing Due Diligence
    3. High‐Risk Vendor Ongoing Due Diligence
    4. “Too Big to Care”
    5. A Note on Phishing
    6. Intake and Ongoing Cybersecurity Personnel
    7. Ransomware: A History and Future
    8. Conclusion
  10. Chapter 7: On‐site Due Diligence
    1. On‐site Security Assessment
    2. On‐site Due Diligence and the Intake Process
    3. Conclusion
  11. Chapter 8: Continuous Monitoring
    1. What Is Continuous Monitoring?
    2. Enhanced Continuous Monitoring
    3. Third‐Party Breaches and the Incident Process
    4. Conclusion
  12. Chapter 9: Offboarding
    1. Access to Systems, Data, and Facilities
    2. Conclusion
  13. Chapter 10: Securing the Cloud
    1. Why Is the Cloud So Risky?
    2. Conclusion
  14. Chapter 11: Cybersecurity and Legal Protections
    1. Legal Terms and Protections
    2. Cybersecurity Terms and Conditions
    3. Conclusion
  15. Chapter 12: Software Due Diligence
    1. The Secure Software Development Lifecycle
    2. On‐Premises Software
    3. Cloud Software
    4. Open Web Application Security Project Explained
    5. Open Source Software
    6. Mobile Software
    7. Conclusion
  16. Chapter 13: Network Due Diligence
    1. Third‐Party Connections
    2. Zero Trust for Third Parties
    3. Conclusion
  17. Chapter 14: Offshore Third‐Party Cybersecurity Risk
    1. Onboarding Offshore Vendors
    2. Country Risk
    3. KC's Country Risk
    4. Conclusion
  18. Chapter 15: Transform to Predictive
    1. The Data
    2. Level Set
    3. A Mature to Predictive Approach
    4. The Predictive Approach at KC Enterprises
    5. Conclusion
  19. Chapter 16: Conclusion
  20. Index
  21. Copyright
  22. Dedication
  23. (ISC)2®
  24. About the Author
  25. About the Technical Editor
  26. Acknowledgments
  27. Foreword
  28. End User License Agreement

Product information

  • Title: Cybersecurity and Third-Party Risk
  • Author(s): Gregory C. Rasner
  • Release date: July 2021
  • Publisher(s): Wiley
  • ISBN: 9781119809555