Gregory C. Rasner

Cybersecurity and Third-Party Risk


Скачать книгу

"ua0307786-b9c6-5024-ad20-77e4c6fcb39e">

      

      Table of Contents

      1  Cover

      2  Title Page

      3  Introduction Who Will Benefit Most from This Book Special Features

      4  Chapter 1: What Is the Risk? The SolarWinds Supply‐Chain Attack The VGCA Supply‐Chain Attack The Zyxel Backdoor Attack Other Supply‐Chain Attacks Problem Scope Compliance Does Not Equal Security Third‐Party Breach Examples Conclusion

      5  Chapter 2: Cybersecurity Basics Cybersecurity Basics for Third‐Party Risk Cybersecurity Frameworks Due Care and Due Diligence Cybercrime and Cybersecurity Conclusion

      6  Chapter 3: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk The Pandemic Shutdown SolarWinds Attack Update Conclusion

      7  Chapter 4: Third‐Party Risk Management Third‐Party Risk Management Frameworks The Cybersecurity and Third‐Party Risk Program Management Kristina Conglomerate (KC) Enterprises Conclusion

      8  Chapter 5: Onboarding Due Diligence Intake Cybersecurity Third‐Party Intake Conclusion

      9  Chapter 6: Ongoing Due Diligence Low‐Risk Vendor Ongoing Due Diligence Moderate‐Risk Vendor Ongoing Due Diligence High‐Risk Vendor Ongoing Due Diligence “Too Big to Care” A Note on Phishing Intake and Ongoing Cybersecurity Personnel Ransomware: A History and Future Conclusion

      10  Chapter 7: On‐site Due Diligence On‐site Security Assessment On‐site Due Diligence and the Intake Process Conclusion

      11  Chapter 8: Continuous Monitoring What Is Continuous Monitoring? Enhanced Continuous Monitoring Third‐Party Breaches and the Incident Process Conclusion

      12  Chapter 9: Offboarding Access to Systems, Data, and Facilities Conclusion

      13  Chapter 10: Securing the Cloud Why Is the Cloud So Risky? Conclusion

      14  Chapter 11: Cybersecurity and Legal Protections Legal Terms and Protections Cybersecurity Terms and Conditions Conclusion

      15  Chapter 12: Software Due Diligence The Secure Software Development Lifecycle On‐Premises Software Cloud Software Open Web Application Security Project Explained Open Source Software Mobile Software Conclusion

      16  Chapter 13: Network Due Diligence