Chapter 8: ICT third-party risk management

Third parties obviously present a significant risk to any organisation. Suppliers and service providers make things simpler for most organisations, but you must, by default, put a lot of faith in contracts to ensure that they meet their security and resilience obligations.

Some of the largest data breaches in history were caused by exploiting third parties. The Target breach of 2013 is probably the most notable. In that incident, a refrigeration contractor with access to Target’s internal systems was first breached by the attackers, who used the supplier’s access to move into Target’s systems.⁴¹ From this humble beginning, the attackers were able to access sensitive payment card data, customer personal ...

Get DORA - A guide to the EU digital operational resilience act now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

DORA - A guide to the EU digital operational resilience act by Andrew Pattison

CHAPTER 8: ICT THIRD-PARTY RISK MANAGEMENT

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly