Description

Book Synopsis


Table of Contents

Foreword xvi

Introduction xviii

Section 1 Cybersecurity Third-Party Risk

Chapter 1 What is the Risk? 1

The SolarWinds Supply-Chain Attack 4

The VGCA Supply-Chain Attack 6

The Zyxel Backdoor Attack 9

Other Supply-Chain Attacks 10

Problem Scope 12

Compliance Does Not Equal Security 15

Third-Party Breach Examples 17

Third-Party Risk Management 24

Cybersecurity and Third-Party Risk 27

Cybersecurity Third-Party Risk as a Force Multiplier 32

Conclusion 33

Chapter 2 Cybersecurity Basics 35

Cybersecurity Basics for Third-Party Risk 38

Cybersecurity Frameworks 46

Due Care and Due Diligence 53

Cybercrime and Cybersecurity 56

Types of Cyberattacks 59

Analysis of a Breach 63

The Third-Party Breach Timeline: Target 66

Inside Look: Home Depot Breach 68

Conclusion 72

Chapter 3 What the COVID-19 Pandemic Did to Cybersecurity and Third-Party Risk 75

The Pandemic Shutdown 77

Timeline of the Pandemic Impact on Cybersecurity 80

Post-Pandemic Changes and Trends 84

Regulated Industries 98

An Inside Look: P&N Bank 100

SolarWinds Attack Update 102

Conclusion 104

Chapter 4 Third-Party Risk Management 107

Third-Party Risk Management Frameworks 113

ISO 27036:2013+ 114

NIST 800-SP 116

NIST 800-161 Revision 1: Upcoming Revision 125

NISTIR 8272 Impact Analysis Tool for Interdependent Cyber Supply-Chain Risks 125

The Cybersecurity and Third-Party Risk Program Management 127

Kristina Conglomerate (KC) Enterprises 128

KC Enterprises’ Cyber Third-Party Risk Program 131

Inside Look: Marriott 140

Conclusion 141

Chapter 5 Onboarding Due Diligence 143

Intake 145

Data Privacy 146

Cybersecurity 147

Amount of Data 149

Country Risk and Locations 149

Connectivity 150

Data Transfer 150

Data Location 151

Service-Level Agreement or Recovery Time Objective 151

Fourth Parties 152

Software Security 152

KC Enterprises Intake/Inherent Risk Cybersecurity Questionnaire 153

Cybersecurity in Request for Proposals 154

Data Location 155

Development 155

Identity and Access Management 156

Encryption 156

Intrusion Detection/Prevention System 157

Antivirus and Malware 157

Data Segregation 158

Data Loss Prevention 158

Notification 158

Security Audits 159

Cybersecurity Third-Party Intake 160

Data Security Intake Due Diligence 161

Next Steps 167

Ways to Become More Efficient 173

Systems and Organization Controls Reports 174

Chargebacks 177

Go-Live Production Reviews 179

Connectivity Cyber Reviews 179

Inside Look: Ticketmaster and Fourth Parties 182

Conclusion 183

Chapter 6 Ongoing Due Diligence 185

Low-Risk Vendor Ongoing Due Diligence 189

Moderate-Risk Vendor Ongoing Due Diligence 193

High-Risk Vendor Ongoing Due Diligence 196

“Too Big to Care” 197

A Note on Phishing 200

Intake and Ongoing Cybersecurity Personnel 203

Ransomware: A History and Future 203

Asset Management 205

Vulnerability and Patch Management 206

802.1x or Network Access Control (NAC) 206

Inside Look: GE Breach 207

Conclusion 208

Chapter 7 On-site Due Diligence 211

On-site Security Assessment 213

Scheduling Phase 214

Investigation Phase 215

Assessment Phase 217

On-site Questionnaire 221

Reporting Phase 227

Remediation Phase 227

Virtual On-site Assessments 229

On-site Cybersecurity Personnel 231

On-site Due Diligence and the Intake Process 233

Vendors Are Partners 234

Consortiums and Due Diligence 235

Conclusion 237

Chapter 8 Continuous Monitoring 239

What is Continuous Monitoring? 241

Vendor Security-Rating Tools 241

Inside Look: Health Share of Oregon’s Breach 251

Enhanced Continuous Monitoring 252

Software Vulnerabilities/Patching Cadence 253

Fourth-Party Risk 253

Data Location 254

Connectivity Security 254

Production Deployment 255

Continuous Monitoring Cybersecurity Personnel 258

Third-Party Breaches and the Incident Process 258

Third-Party Incident Management 259

Inside Look: Uber’s Delayed Data Breach Reporting 264

Inside Look: Nuance Breach 265

Conclusion 266

Chapter 9 Offboarding 267

Access to Systems, Data, and Facilities 270

Physical Access 274

Return of Equipment 275

Contract Deliverables and Ongoing Security 275

Update the Vendor Profile 276

Log Retention 276

Inside Look: Morgan Stanley

Decommissioning Process Misses 277

Inside Look: Data Sanitization 279

Conclusion 283

Section 2 Next Steps

Chapter 10 Securing the Cloud 285

Why is the Cloud So Risky? 287

Introduction to NIST Service Models 288

Vendor Cloud Security Reviews 289

The Shared Responsibility Model 290

Inside Look: Cloud Controls Matrix by the Cloud Security Alliance 295

Security Advisor Reports as Patterns 298

Inside Look: The Capital One Breach 312

Conclusion 313

Chapter 11 Cybersecurity and Legal Protections 315

Legal Terms and Protections 317

Cybersecurity Terms and Conditions 321

Offshore Terms and Conditions 324

Hosted/Cloud Terms and Conditions 327

Privacy Terms and Conditions 331

Inside Look: Heritage Valley Health vs. Nuance 334

Conclusion 335

Chapter 12 Software Due Diligence 337

The Secure Software Development Lifecycle 340

Lessons from SolarWinds and Critical Software 342

Inside Look: Juniper 344

On-Premises Software 346

Cloud Software 348

Open Web Application Security Project Explained 350

OWASP Top 10 350

OWASP Web Security Testing Guide 352

Open Source Software 353

Software Composition Analysis 355

Inside Look: Heartbleed 355

Mobile Software 357

Testing Mobile Applications 358

Code Storage 360

Conclusion 362

Chapter 13 Network Due Diligence 365

Third-Party Connections 368

Personnel Physical Security 368

Hardware Security 370

Software Security 371

Out-of-Band Security 372

Cloud Connections 374

Vendor Connectivity Lifecycle Management 375

Zero Trust for Third Parties 379

Internet of Things and Third Parties 385

Trusted Platform Module and Secure Boot 388

Inside Look: The Target Breach (2013) 390

Conclusion 391

Chapter 14 Offshore Third-Party Cybersecurity Risk 393

Onboarding Offshore Vendors 397

Ongoing Due Diligence for Offshore Vendors 399

Physical Security 399

Offboarding Due Diligence for Offshore Vendors 402

Inside Look: A Reminder on Country Risk 404

Country Risk 405

KC’s Country Risk 406

Conclusion 409

Chapter 15 Transform to Predictive 411

The Data 414

Vendor Records 415

Due Diligence Records 416

Contract Language 416

Risk Acceptances 417

Continuous Monitoring 417

Enhanced Continuous Monitoring 417

How Data is Stored 418

Level Set 418

A Mature to Predictive Approach 420

The Predictive Approach at KC Enterprises 420

Use Case #1: Early Intervention 423

Use Case #2: Red Vendors 425

Use Case #3: Reporting 426

Conclusion 427

Chapter 16 Conclusion 429

Advanced Persistent Threats Are the New Danger 431

Cybersecurity Third-Party Risk 435

Index 445

Cybersecurity and Third-Party Risk

    A Paperback / softback by Gregory C. Rasner

      Publisher: John Wiley & Sons Inc
      Publication Date: 16/08/2021
      ISBN13: 9781119809555, 978-1119809555
      ISBN10: 111980955X

