Read the book Cybersecurity and Third-Party Risk - Gregory C. Rasner - Page 2

Table of Contents


1  Cover

2  Title Page

3  Introduction Who Will Benefit Most from This Book Special Features

4  Chapter 1: What Is the Risk? The SolarWinds Supply‐Chain Attack The VGCA Supply‐Chain Attack The Zyxel Backdoor Attack Other Supply‐Chain Attacks Problem Scope Compliance Does Not Equal Security Third‐Party Breach Examples Conclusion

5  Chapter 2: Cybersecurity Basics Cybersecurity Basics for Third‐Party Risk Cybersecurity Frameworks Due Care and Due Diligence Cybercrime and Cybersecurity Conclusion

6  Chapter 3: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk The Pandemic Shutdown SolarWinds Attack Update Conclusion

7  Chapter 4: Third‐Party Risk Management Third‐Party Risk Management Frameworks The Cybersecurity and Third‐Party Risk Program Management Kristina Conglomerate (KC) Enterprises Conclusion

8  Chapter 5: Onboarding Due Diligence Intake Cybersecurity Third‐Party Intake Conclusion

9  Chapter 6: Ongoing Due Diligence Low‐Risk Vendor Ongoing Due Diligence Moderate‐Risk Vendor Ongoing Due Diligence High‐Risk Vendor Ongoing Due Diligence “Too Big to Care” A Note on Phishing Intake and Ongoing Cybersecurity Personnel Ransomware: A History and Future Conclusion

10  Chapter 7: On‐site Due Diligence On‐site Security Assessment On‐site Due Diligence and the Intake Process Conclusion

11  Chapter 8: Continuous Monitoring What Is Continuous Monitoring? Enhanced Continuous Monitoring Third‐Party Breaches and the Incident Process Conclusion

12  Chapter 9: Offboarding Access to Systems, Data, and Facilities Conclusion

13  Chapter 10: Securing the Cloud Why Is the Cloud So Risky? Conclusion

14  Chapter 11: Cybersecurity and Legal Protections Legal Terms and Protections Cybersecurity Terms and Conditions Conclusion

15  Chapter 12: Software Due Diligence The Secure Software Development Lifecycle On‐Premises Software Cloud Software Open Web Application Security Project Explained Open Source Software Mobile Software Conclusion

16  Chapter 13: Network Due Diligence Third‐Party Connections Zero Trust for Third Parties Conclusion

17  Chapter 14: Offshore Third‐Party Cybersecurity Risk Onboarding Offshore Vendors Country Risk KC's Country Risk Conclusion

18  Chapter 15: Transform to Predictive The Data Level Set A Mature to Predictive Approach The Predictive Approach at KC Enterprises Conclusion

19  Chapter 16: Conclusion

20  Index

21  Copyright

22  Dedication

23  (ISC)

24  About the Author

25  About the Technical Editor

26  Acknowledgments

27  Foreword

28  End User License Agreement

Cybersecurity and Third-Party Risk
