SØG - mellem flere end 8 millioner bøger:
Viser: Cybersecurity and Third-Party Risk - Third Party Threat Hunting
Cybersecurity and Third-Party Risk: Third Party Threat Hunting Vital Source e-bog
Gregory C. Rasner
(2021)
Cybersecurity and Third-Party Risk Vital Source e-bog
Gregory C. Rasner
(2021)
Cybersecurity and Third-Party Risk
Third Party Threat Hunting
Gregory C. Rasner
(2021)
Sprog: Engelsk
om ca. 15 hverdage
Detaljer om varen
- 1. Udgave
- Vital Source searchable e-book (Fixed pages)
- Udgiver: John Wiley & Sons (Juni 2021)
- ISBN: 9781119809906
Bookshelf online: 5 år fra købsdato.
Bookshelf appen: ubegrænset dage fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: 10 sider kan printes ad gangen
Copy: højest 2 sider i alt kan kopieres (copy/paste)
Detaljer om varen
- 1. Udgave
- Vital Source searchable e-book (Reflowable pages)
- Udgiver: John Wiley & Sons (Juni 2021)
- ISBN: 9781119809562
STRENGTHEN THE WEAKEST LINKS IN YOUR CYBERSECURITY CHAIN
Across the world, the networks of hundreds of different world-class organizations have been breached in a seemingly never-ending stream of attacks that targeted the trusted vendors of major brands. From Target to Equifax, Home Depot, and GM, it seems as if no company is safe from a third-party incident or breach, regardless of size. And the advanced threats are now exploiting the intersection of weaknesses in cybersecurity and third-party risk management.
In Cybersecurity and Third-Party Risk, veteran cybersecurity specialist Gregory Rasner walks readers through how to lock down the vulnerabilities posed to an organization’s network by third parties. You’ll discover how to move beyond a simple checklist and create an active, effective, and continuous system of third-party cybersecurity risk mitigation.
The author discusses how to conduct due diligence on the third parties connected to your company’s networks and how to keep your information about them current and reliable. You’ll learn about the language you need to look for in a third-party data contract whether you’re offshoring or outsourcing data security arrangements.
Perfect for professionals and executives responsible for securing their organizations’ systems against external threats, Cybersecurity and Third-Party Risk is an indispensable resource for all business leaders who seek to:
- Understand the fundamentals of third-party risk management
- Conduct robust intake and ongoing due diligence
- Perform on-site due diligence and close vendor risks
- Secure your software supply chain
- Utilize cloud and on-premises software securely
- Continuously monitor your third-party vendors and prevent breaches
Bookshelf online: 5 år fra købsdato.
Bookshelf appen: ubegrænset dage fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: 10 sider kan printes ad gangen
Copy: højest 2 sider i alt kan kopieres (copy/paste)
Detaljer om varen
- Paperback: 480 sider
- Udgiver: John Wiley & Sons, Incorporated (Juli 2021)
- ISBN: 9781119809555
Move beyond the checklist and fully protect yourself from third-party cybersecurity risk
Over the last decade, there have been hundreds of big-name organizations in every sector that have experienced a public breach due to a vendor. While the media tends to focus on high-profile breaches like those that hit Target in 2013 and Equifax in 2017, 2020 has ushered in a huge wave of cybersecurity attacks, a near 800% increase in cyberattack activity as millions of workers shifted to working remotely in the wake of a global pandemic.
The 2020 SolarWinds supply-chain attack illustrates that lasting impact of this dramatic increase in cyberattacks. Using a technique known as Advanced Persistent Threat (APT), a sophisticated hacker leveraged APT to steal information from multiple organizations from Microsoft to the Department of Homeland Security not by attacking targets directly, but by attacking a trusted partner or vendor. In addition to exposing third-party risk vulnerabilities for other hackers to exploit, the damage from this one attack alone will continue for years, and there are no signs that cyber breaches are slowing.
Cybersecurity and Third-Party Risk delivers proven, active, and predictive risk reduction strategies and tactics designed to keep you and your organization safe. Cybersecurity and IT expert and author Gregory Rasner shows you how to transform third-party risk from an exercise in checklist completion to a proactive and effective process of risk mitigation.
- Understand the basics of third-party risk management
- Conduct due diligence on third parties connected to your network
- Keep your data and sensitive information current and reliable
- Incorporate third-party data requirements for offshoring, fourth-party hosting, and data security arrangements into your vendor contracts
- Learn valuable lessons from devasting breaches suffered by other companies like Home Depot, GM, and Equifax
The time to talk cybersecurity with your data partners is now.
Cybersecurity and Third-Party Risk is a must-read resource for business leaders and security professionals looking for a practical roadmap to avoiding the massive reputational and financial losses that come with third-party security breaches.
Chapter 1 What is the Risk? 1 The SolarWinds Supply-Chain Attack 4 The VGCA Supply-Chain Attack 6 The Zyxel Backdoor Attack 9 Other Supply-Chain Attacks 10 Problem Scope 12 Compliance Does Not Equal Security 15 Third-Party Breach Examples 17 Third-Party Risk Management 24 Cybersecurity and Third-Party Risk 27 Cybersecurity Third-Party Risk as a Force Multiplier 32 Conclusion 33
Chapter 2 Cybersecurity Basics 35 Cybersecurity Basics for Third-Party Risk 38 Cybersecurity Frameworks 46 Due Care and Due Diligence 53 Cybercrime and Cybersecurity 56 Types of Cyberattacks 59 Analysis of a Breach 63 The Third-Party Breach Timeline: Target 66 Inside Look: Home Depot Breach 68 Conclusion 72
Chapter 3 What the COVID-19 Pandemic Did to Cybersecurity and Third-Party Risk 75 The Pandemic Shutdown 77 Timeline of the Pandemic Impact on Cybersecurity 80 Post-Pandemic Changes and Trends 84 Regulated Industries 98 An Inside Look: P&N Bank 100 SolarWinds Attack Update 102 Conclusion 104
Chapter 4 Third-Party Risk Management 107 Third-Party Risk Management Frameworks 113 ISO
27036:2013+ 114 NIST 800-SP 116 NIST 800-161 Revision
1: Upcoming Revision 125 NISTIR 8272 Impact Analysis Tool for Interdependent Cyber Supply-Chain Risks 125 The Cybersecurity and Third-Party Risk Program Management 127 Kristina Conglomerate (KC) Enterprises 128 KC Enterprises'' Cyber Third-Party Risk Program 131 Inside Look: Marriott 140 Conclusion 141
Chapter 5 Onboarding Due Diligence 143 Intake 145 Data Privacy 146 Cybersecurity 147 Amount of Data 149 Country Risk and Locations 149 Connectivity 150 Data Transfer 150 Data Location 151 Service-Level Agreement or Recovery Time Objective 151 Fourth Parties 152 Software Security 152 KC Enterprises Intake/Inherent Risk Cybersecurity Questionnaire 153 Cybersecurity in Request for Proposals 154 Data Location 155 Development 155 Identity and Access Management 156 Encryption 156 Intrusion Detection/Prevention System 157 Antivirus and Malware 157 Data Segregation 158 Data Loss Prevention 158 Notification 158 Security Audits 159 Cybersecurity Third-Party Intake 160 Data Security Intake Due Diligence 161 Next Steps 167 Ways to Become More Efficient 173 Systems and Organization Controls Reports 174 Chargebacks 177 Go-Live Production Reviews 179 Connectivity Cyber Reviews 179 Inside Look: Ticketmaster and Fourth Parties 182 Conclusion 183
Chapter 6 Ongoing Due Diligence 185 Low-Risk Vendor Ongoing Due Diligence 189 Moderate-Risk Vendor Ongoing Due Diligence 193 High-Risk Vendor Ongoing Due Diligence 196 "Too Big to Care" 197 A Note on Phishing 200 Intake and Ongoing Cybersecurity Personnel 203 Ransomware: A History and Future 203 Asset Management 205 Vulnerability and Patch Management 206
802.1x or Network Access Control (NAC) 206 Inside Look: GE Breach 207 Conclusion 208
Chapter 7 On-site Due Diligence 211 On-site Security Assessment 213 Scheduling Phase 214 Investigation Phase 215 Assessment Phase 217 On-site Questionnaire 221 Reporting Phase 227 Remediation Phase 227 Virtual On-site Assessments 229 On-site Cybersecurity Personnel 231 On-site Due Diligence and the Intake Process 233 Vendors Are Partners 234 Consortiums and Due Diligence 235 Conclusion 237
Chapter 8 Continuous Monitoring 239 What is Continuous Monitoring? 241 Vendor Security-Rating Tools 241 Inside Look: Health Share of Oregon''s Breach 251 Enhanced Continuous Monitoring 252 Software Vulnerabilities/Patching Cadence 253 Fourth-Party Risk 253 Data Location 254 Connectivity Security 254 Production Deployment 255 Continuous Monitoring Cybersecurity Personnel 258 Third-Party Breaches and the Incident Process 258 Third-Party Incident Management 259 Inside Look: Uber''s Delayed Data Breach Reporting 264 Inside Look: Nuance Breach 265 Conclusion 266
Chapter 9 Offboarding 267 Access to Systems, Data, and Facilities 270 Physical Access 274 Return of Equipment 275 Contract Deliverables and Ongoing Security 275 Update the Vendor Profile 276 Log Retention 276 Inside Look: Morgan Stanley Decommissioning Process Misses 277 Inside Look: Data Sanitization 279 Conclusion 283 Section 2 Next Steps
Chapter 10 Securing the Cloud 285 Why is the Cloud So Risky? 287 Introduction to NIST Service Models 288 Vendor Cloud Security Reviews 289 The Shared Responsibility Model 290 Inside Look: Cloud Controls Matrix by the Cloud Security Alliance 295 Security Advisor Reports as Patterns 298 Inside Look: The Capital One Breach 312 Conclusion 313
Chapter 11 Cybersecurity and Legal Protections 315 Legal Terms and Protections 317 Cybersecurity Terms and Conditions 321 Offshore Terms and Conditions 324 Hosted/Cloud Terms and Conditions 327 Privacy Terms and Conditions 331 Inside Look: Heritage Valley Health vs. Nuance 334 Conclusion 335
Chapter 12 Software Due Diligence 337 The Secure Software Development Lifecycle 340 Lessons from SolarWinds and Critical Software 342 Inside Look: Juniper 344 On-Premises Software 346 Cloud Software 348 Open Web Application Security Project Explained 350 OWASP Top 10 350 OWASP Web Security Testing Guide 352 Open Source Software 353 Software Composition Analysis 355 Inside Look: Heartbleed 355 Mobile Software 357 Testing Mobile Applications 358 Code Storage 360 Conclusion 362
Chapter 13 Network Due Diligence 365 Third-Party Connections 368 Personnel Physical Security 368 Hardware Security 370 Software Security 371 Out-of-Band Security 372 Cloud Connections 374 Vendor Connectivity Lifecycle Management 375 Zero Trust for Third Parties 379 Internet of Things and Third Parties 385 Trusted Platform Module and Secure Boot 388 Inside Look: The Target Breach (2013) 390 Conclusion 391
Chapter 14 Offshore Third-Party Cybersecurity Risk 393 Onboarding Offshore Vendors 397 Ongoing Due Diligence for Offshore Vendors 399 Physical Security 399 Offboarding Due Diligence for Offshore Vendors 402 Inside Look: A Reminder on Country Risk 404 Country Risk 405 KC''s Country Risk 406 Conclusion 409
Chapter 15 Transform to Predictive 411 The Data 414 Vendor Records 415 Due Diligence Records 416 Contract Language 416 Risk Acceptances 417 Continuous Monitoring 417 Enhanced Continuous Monitoring 417 How Data is Stored 418 Level Set 418 A Mature to Predictive Approach 420 The Predictive Approach at KC Enterprises 420 Use Case #1: Early Intervention 423 Use Case #2: Red Vendors 425 Use Case #3: Reporting 426 Conclusion 427
Chapter 16 Conclusion 429 Advanced Persistent Threats Are the New Danger 431 Cybersecurity Third-Party Risk 435 Index 445
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik
FAQ for studerende
Pensumlistegaranti
Sortiment og levering
Kompendier(for undervisere)
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927