SØG - mellem flere end 8 millioner bøger:
Viser: Cybersecurity and Third-Party Risk - Third Party Threat Hunting
Cybersecurity and Third-Party Risk Vital Source e-bog
Gregory C. Rasner
(2021)
Cybersecurity and Third-Party Risk Vital Source e-bog
Gregory C. Rasner
(2021)
Cybersecurity and Third-Party Risk
Third Party Threat Hunting
Gregory C. Rasner
(2021)
Sprog: Engelsk
om ca. 10 hverdage
Detaljer om varen
- 1. Udgave
- Vital Source searchable e-book (Fixed pages)
- Udgiver: John Wiley & Sons (Juni 2021)
- ISBN: 9781119809906
Bookshelf online: 365 dage fra købsdato.
Bookshelf appen: ubegrænset dage fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: 10 sider kan printes ad gangen
Copy: højest 2 sider i alt kan kopieres (copy/paste)
Detaljer om varen
- 1. Udgave
- Vital Source searchable e-book (Reflowable pages)
- Udgiver: John Wiley & Sons (Juni 2021)
- ISBN: 9781119809562
STRENGTHEN THE WEAKEST LINKS IN YOUR CYBERSECURITY CHAIN
Across the world, the networks of hundreds of different world-class organizations have been breached in a seemingly never-ending stream of attacks that targeted the trusted vendors of major brands. From Target to Equifax, Home Depot, and GM, it seems as if no company is safe from a third-party incident or breach, regardless of size. And the advanced threats are now exploiting the intersection of weaknesses in cybersecurity and third-party risk management.
In Cybersecurity and Third-Party Risk, veteran cybersecurity specialist Gregory Rasner walks readers through how to lock down the vulnerabilities posed to an organization’s network by third parties. You’ll discover how to move beyond a simple checklist and create an active, effective, and continuous system of third-party cybersecurity risk mitigation.
The author discusses how to conduct due diligence on the third parties connected to your company’s networks and how to keep your information about them current and reliable. You’ll learn about the language you need to look for in a third-party data contract whether you’re offshoring or outsourcing data security arrangements.
Perfect for professionals and executives responsible for securing their organizations’ systems against external threats, Cybersecurity and Third-Party Risk is an indispensable resource for all business leaders who seek to:
- Understand the fundamentals of third-party risk management
- Conduct robust intake and ongoing due diligence
- Perform on-site due diligence and close vendor risks
- Secure your software supply chain
- Utilize cloud and on-premises software securely
- Continuously monitor your third-party vendors and prevent breaches
Bookshelf online: 365 dage fra købsdato.
Bookshelf appen: ubegrænset dage fra købsdato.
Udgiveren oplyser at følgende begrænsninger er gældende for dette produkt:
Print: 10 sider kan printes ad gangen
Copy: højest 2 sider i alt kan kopieres (copy/paste)
Detaljer om varen
- Paperback: 480 sider
- Udgiver: John Wiley & Sons, Limited (August 2021)
- ISBN: 9781119809555
After large breaches at well-known organizations including Home Depot, Capital One, Equifax, Best Buy and many others, CISOs, Cybersecurity professionals and business leaders have spent countless hours and money upgrading their cybersecurity internally. Data Loss Prevention, Cloud Access Security Broker, Intrusion Detection/Prevention, Zero Trust, Privileged Access Manager, and countless other projects and systems have been purchased and integrated to head off breaches.
And yet the size and frequency of breaches continue to grow.
The real kicker: many of these major breaches occurred at a third-party. These companies, like too many others still, did not pay attention to the cybersecurity of their vendors. These caused large financial penalties, but the reputational losses were often enormous. Both for the companies and the personnel who ran the cybersecurity at these firms. And sixty percent of companies admit not performing adequate cybersecurity vetting of vendors. Thirty-three percent report they have none or ad-hoc cybersecurity vetting process for third parties.
Because they have your customer data or connect to your network, third-parties have become physical attestations of your own business. Cybersecurity due diligence and due care must be more aggressive in their approach to this risk domain; it is no longer enough to perform it as a compliance function but must be active and engaged in real-time with third-party cybersecurity.
With this book you will learn how to create a third party risk program with cybersecurity at the lead, greatly lowering the risk of a breach from a third party. By leveraging this program to grow its maturity your organization will go from being reactionary to predictive.
xvi Introduction
xviii
Section 1 Cybersecurity Third-Party Risk
Chapter 1 What is the Risk? 1 The SolarWinds Supply-Chain Attack 4 The VGCA Supply-Chain Attack 6 The Zyxel Backdoor Attack 9 Other Supply-Chain Attacks 10 Problem Scope 12 Compliance Does Not Equal Security 15 Third-Party Breach Examples 17 Third-Party Risk Management 24 Cybersecurity and Third-Party Risk 27 Cybersecurity Third-Party Risk as a Force Multiplier 32 Conclusion 33
Chapter 2 Cybersecurity Basics 35 Cybersecurity Basics for Third-Party Risk 38 Cybersecurity Frameworks 46 Due Care and Due Diligence 53 Cybercrime and Cybersecurity 56 Types of Cyberattacks 59 Analysis of a Breach 63 The Third-Party Breach Timeline: Target 66 Inside Look: Home Depot Breach 68 Conclusion 72
Chapter 3 What the COVID-19 Pandemic Did to Cybersecurity and Third-Party Risk 75 The Pandemic Shutdown 77 Timeline of the Pandemic Impact on Cybersecurity 80 Post-Pandemic Changes and Trends 84 Regulated Industries 98 An Inside Look: P&N Bank 100 SolarWinds Attack Update 102 Conclusion 104
Chapter 4 Third-Party Risk Management 107 Third-Party Risk Management Frameworks 113 ISO
27036:
2013+ 114 NIST 800-SP 116 NIST 800-161 Revision
1: Upcoming Revision 125 NISTIR 8272 Impact Analysis Tool for Interdependent Cyber Supply-Chain Risks 125 The Cybersecurity and Third-Party Risk Program Management 127 Kristina Conglomerate (KC) Enterprises 128 KC Enterprises'' Cyber Third-Party Risk Program 131 Inside Look: Marriott 140 Conclusion 141
Chapter 5 Onboarding Due Diligence 143 Intake 145 Data Privacy 146 Cybersecurity 147 Amount of Data 149 Country Risk and Locations 149 Connectivity 150 Data Transfer 150 Data Location 151 Service-Level Agreement or Recovery Time Objective 151 Fourth Parties 152 Software Security 152 KC Enterprises Intake/Inherent Risk Cybersecurity Questionnaire 153 Cybersecurity in Request for Proposals 154 Data Location 155 Development 155 Identity and Access Management 156 Encryption 156 Intrusion Detection/Prevention System 157 Antivirus and Malware 157 Data Segregation 158 Data Loss Prevention 158 Notification 158 Security Audits 159 Cybersecurity Third-Party Intake 160 Data Security Intake Due Diligence 161 Next Steps 167 Ways to Become More Efficient 173 Systems and Organization Controls Reports 174 Chargebacks 177 Go-Live Production Reviews 179 Connectivity Cyber Reviews 179 Inside Look: Ticketmaster and Fourth Parties 182 Conclusion 183
Chapter 6 Ongoing Due Diligence 185 Low-Risk Vendor Ongoing Due Diligence 189 Moderate-Risk Vendor Ongoing Due Diligence 193 High-Risk Vendor Ongoing Due Diligence 196 "Too Big to Care" 197 A Note on Phishing 200 Intake and Ongoing Cybersecurity Personnel 203 Ransomware: A History and Future 203 Asset Management 205 Vulnerability and Patch Management 206
802. 1x or Network Access Control (NAC) 206 Inside Look: GE Breach 207 Conclusion 208
Chapter 7 On-site Due Diligence 211 On-site Security Assessment 213 Scheduling Phase 214 Investigation Phase 215 Assessment Phase 217 On-site Questionnaire 221 Reporting Phase 227 Remediation Phase 227 Virtual On-site Assessments 229 On-site Cybersecurity Personnel 231 On-site Due Diligence and the Intake Process 233 Vendors Are Partners 234 Consortiums and Due Diligence 235 Conclusion 237
Chapter 8 Continuous Monitoring 239 What is Continuous Monitoring? 241 Vendor Security-Rating Tools 241 Inside Look: Health Share of Oregon''s Breach 251 Enhanced Continuous Monitoring 252 Software Vulnerabilities/Patching Cadence 253 Fourth-Party Risk 253 Data Location 254 Connectivity Security 254 Production Deployment 255 Continuous Monitoring Cybersecurity Personnel 258 Third-Party Breaches and the Incident Process 258 Third-Party Incident Management 259 Inside Look: Uber''s Delayed Data Breach Reporting 264 Inside Look: Nuance Breach 265 Conclusion 266
Chapter 9 Offboarding 267 Access to Systems, Data, and Facilities 270 Physical Access 274 Return of Equipment 275 Contract Deliverables and Ongoing Security 275 Update the Vendor Profile 276 Log Retention 276 Inside Look: Morgan Stanley Decommissioning Process Misses 277 Inside Look: Data Sanitization 279 Conclusion 283
Section 2 Next Steps
Chapter 10 Securing the Cloud 285 Why is the Cloud So Risky? 287 Introduction to NIST Service Models 288 Vendor Cloud Security Reviews 289 The Shared Responsibility Model 290 Inside Look: Cloud Controls Matrix by the Cloud Security Alliance 295 Security Advisor Reports as Patterns 298 Inside Look: The Capital One Breach 312 Conclusion 313
Chapter 11 Cybersecurity and Legal Protections 315 Legal Terms and Protections 317 Cybersecurity Terms and Conditions 321 Offshore Terms and Conditions 324 Hosted/Cloud Terms and Conditions 327 Privacy Terms and Conditions 331 Inside Look: Heritage Valley Health vs. Nuance 334 Conclusion 335
Chapter 12 Software Due Diligence 337 The Secure Software Development Lifecycle 340 Lessons from SolarWinds and Critical Software 342 Inside Look: Juniper 344 On-Premises Software 346 Cloud Software 348 Open Web Application Security Project Explained 350 OWASP Top 10 350 OWASP Web Security Testing Guide 352 Open Source Software 353 Software Composition Analysis 355 Inside Look: Heartbleed 355 Mobile Software 357 Testing Mobile Applications 358 Code Storage 360 Conclusion 362
Chapter 13 Network Due Diligence 365 Third-Party Connections 368 Personnel Physical Security 368 Hardware Security 370 Software Security 371 Out-of-Band Security 372 Cloud Connections 374 Vendor Connectivity Lifecycle Management 375 Zero Trust for Third Parties 379 Internet of Things and Third Parties 385 Trusted Platform Module and Secure Boot 388 Inside Look: The Target Breach (2013) 390 Conclusion 391
Chapter 14 Offshore Third-Party Cybersecurity Risk 393 Onboarding Offshore Vendors 397 Ongoing Due Diligence for Offshore Vendors 399 Physical Security 399 Offboarding Due Diligence for Offshore Vendors 402 Inside Look: A Reminder on Country Risk 404 Country Risk 405 KC''s Country Risk 406 Conclusion 409
Chapter 15 Transform to Predictive 411 The Data 414 Vendor Records 415 Due Diligence Records 416 Contract Language 416 Risk Acceptances 417 Continuous Monitoring 417 Enhanced Continuous Monitoring 417 How Data is Stored 418 Level Set 418 A Mature to Predictive Approach 420 The Predictive Approach at KC Enterprises 420 Use Case #1: Early Intervention 423 Use Case #2: Red Vendors 425 Use Case #3: Reporting 426 Conclusion 427
Chapter 16 Conclusion 429 Advanced Persistent Threats Are the New Danger 431 Cybersecurity Third-Party Risk 435
Index 445
Kunder der købte denne bog købte også en af disse:
Computer Networking, Global Edition
James Kurose og Keith Ross
om ca. 2 hverdage
Handler du som firma
Forretningsbetingelser
Porto og forsendelse
Data & cookiepolitik
Tlf 77 42 43 44 - email poly@polyteknisk.dk - CVR 34072655 - Sydbank Reg: 6748 Konto 0001107927