{"product_id":"zero-trust-and-thirdparty-risk-9781394203147","title":"Zero Trust and Third-Party Risk","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eDramatically lower the cyber risk posed by third-party software and vendors in your organization\u003cbr\u003e\u003cbr\u003eIn Zero Trust and Third-Party Risk, veteran cybersecurity leader Gregory Rasner delivers an accessible and authoritative walkthrough of the fundamentals and finer points of the zero trust philosophy and its application to the mitigation of third-party cyber risk. In this book, you'll explore how to build a zero trust program and nurture it to maturity. You will also learn how and why zero trust is so effective in reducing third-party cybersecurity risk. The author uses the story of a fictional organization, KC Enterprises, to illustrate the real-world application of zero trust principles. He takes you through a full zero trust implementation cycle, from initial breach to cybersecurity program maintenance and upkeep. You'll also find:\u003cbr\u003eExplanations of the processes, controls, and programs that make up the zero trust doctrine\u003cbr\u003eDescriptions of the five pillars of implementing zero trust with third-party vendors\u003cbr\u003eNumerous examples, use-cases, and stories that highlight the real-world utility of zero trust\u003cbr\u003e\u003cbr\u003eAn essential resource for board members, executives, managers, and other business leaders, Zero Trust and Third-Party Risk will also earn a place on the bookshelves of technical and cybersecurity practitioners, as well as compliance professionals seeking effective strategies to dramatically lower cyber risk.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eForeword xiii\u003c\/p\u003e \u003cp\u003eINTRODUCTION: Reduce the Blast Radius xvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Zero Trust and Third-Party Risk Explained 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Overview of Zero Trust and Third-Party Risk 
3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eZero Trust 3\u003c\/p\u003e \u003cp\u003eWhat Is Zero Trust? 4\u003c\/p\u003e \u003cp\u003eThe Importance of Strategy 5\u003c\/p\u003e \u003cp\u003eConcepts of Zero Trust 6\u003c\/p\u003e \u003cp\u003e1. Secure Resources 7\u003c\/p\u003e \u003cp\u003e2. Least Privilege and Access Control 8\u003c\/p\u003e \u003cp\u003e3. Ongoing Monitoring and Validation 11\u003c\/p\u003e \u003cp\u003eZero Trust Concepts and Definitions 13\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 13\u003c\/p\u003e \u003cp\u003eMicrosegmentation 14\u003c\/p\u003e \u003cp\u003eProtect Surface 15\u003c\/p\u003e \u003cp\u003eData, Applications, Assets, Services (DAAS) 15\u003c\/p\u003e \u003cp\u003eThe Five Steps to Deploying Zero Trust 16\u003c\/p\u003e \u003cp\u003eStep 1: Define the Protect Surface 16\u003c\/p\u003e \u003cp\u003eStep 2: Map the Transaction Flows 17\u003c\/p\u003e \u003cp\u003eStep 3: Build the Zero Trust Architecture 17\u003c\/p\u003e \u003cp\u003eStep 4: Create the Zero Trust Policy 17\u003c\/p\u003e \u003cp\u003eStep 5: Monitor and Maintain the Network 19\u003c\/p\u003e \u003cp\u003eZero Trust Frameworks and Guidance 20\u003c\/p\u003e \u003cp\u003eZero Trust Enables Business 22\u003c\/p\u003e \u003cp\u003eCybersecurity and Third-Party Risk 22\u003c\/p\u003e \u003cp\u003eWhat Is Cybersecurity and Third-Party Risk? 
23\u003c\/p\u003e \u003cp\u003eOverview of How to Start or Mature a Program 25\u003c\/p\u003e \u003cp\u003eStart Here 25\u003c\/p\u003e \u003cp\u003eIntake, Questions, and Risk-Based Approach 27\u003c\/p\u003e \u003cp\u003eRemote Questionnaires 28\u003c\/p\u003e \u003cp\u003eContract Controls 29\u003c\/p\u003e \u003cp\u003ePhysical Validation 30\u003c\/p\u003e \u003cp\u003eContinuous Monitoring 31\u003c\/p\u003e \u003cp\u003eDisengagement and Cybersecurity 33\u003c\/p\u003e \u003cp\u003eReporting and Analytics 34\u003c\/p\u003e \u003cp\u003eZT with CTPR 35\u003c\/p\u003e \u003cp\u003eWhy Zero Trust and Third-Party Risk? 35\u003c\/p\u003e \u003cp\u003eHow to Approach Zero Trust and Third-Party Risk 37\u003c\/p\u003e \u003cp\u003eZT\/CTPR OSI Model 38\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Zero Trust and Third-Party Risk Model 43\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eZero Trust and Third-Party Users 43\u003c\/p\u003e \u003cp\u003eAccess Control Process 44\u003c\/p\u003e \u003cp\u003eIdentity: Validate Third-Party Users with Strong Authentication 45\u003c\/p\u003e \u003cp\u003eFive Types of Strong Authentication 47\u003c\/p\u003e \u003cp\u003eIdentity and Access Management 50\u003c\/p\u003e \u003cp\u003ePrivileged Access Management 52\u003c\/p\u003e \u003cp\u003eDevice\/Workload: Verify Third-Party User Device Integrity 54\u003c\/p\u003e \u003cp\u003eAccess: Enforce Least-Privilege Access for Third-Party Users to Data and Apps 57\u003c\/p\u003e \u003cp\u003eGroups 57\u003c\/p\u003e \u003cp\u003eWork Hours 58\u003c\/p\u003e \u003cp\u003eGeo-Location 58\u003c\/p\u003e \u003cp\u003eDevice-Based Restrictions 58\u003c\/p\u003e \u003cp\u003eAuditing 59\u003c\/p\u003e \u003cp\u003eTransaction: Scan All Content for Third-Party Malicious Activity 59\u003c\/p\u003e \u003cp\u003eIDS\/IPS 60\u003c\/p\u003e \u003cp\u003eDLP 60\u003c\/p\u003e \u003cp\u003eSIEM 61\u003c\/p\u003e \u003cp\u003eUBAD 61\u003c\/p\u003e \u003cp\u003eGovernance 
62\u003c\/p\u003e \u003cp\u003eZero Trust and Third-Party Users Summary 62\u003c\/p\u003e \u003cp\u003eZero Trust and Third-Party Applications 63\u003c\/p\u003e \u003cp\u003eIdentity: Validate Third-Party Developers, DevOps, and Admins with Strong Auth 64\u003c\/p\u003e \u003cp\u003ePrivileged User Groups 64\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 64\u003c\/p\u003e \u003cp\u003eJust-in-Time Access 65\u003c\/p\u003e \u003cp\u003ePrivileged Access Management 65\u003c\/p\u003e \u003cp\u003eAudit and Logging 66\u003c\/p\u003e \u003cp\u003eDevice\/Workload: Verify Third-Party Workload Integrity 66\u003c\/p\u003e \u003cp\u003eAccess: Enforce Least-Privilege Access for Third-Party Workloads Accessing Other Workloads 67\u003c\/p\u003e \u003cp\u003eTransaction: Scan All Content for Third-Party Malicious Activity and Data Theft 68\u003c\/p\u003e \u003cp\u003eZero Trust and Third-Party Applications Summary 70\u003c\/p\u003e \u003cp\u003eZero Trust and Third-Party Infrastructure 70\u003c\/p\u003e \u003cp\u003eIdentity: Validate Third-Party Users with Access to Infrastructure 71\u003c\/p\u003e \u003cp\u003eDevice\/Workload: Identify All Third-Party Devices (Including IoT) 72\u003c\/p\u003e \u003cp\u003eSoftware-Defined Perimeter 74\u003c\/p\u003e \u003cp\u003eEncryption 74\u003c\/p\u003e \u003cp\u003eUpdates 75\u003c\/p\u003e \u003cp\u003eEnforce Strong Passwords 75\u003c\/p\u003e \u003cp\u003eVulnerability and Secure Development Management 75\u003c\/p\u003e \u003cp\u003eLogging and Monitoring 76\u003c\/p\u003e \u003cp\u003eAccess: Enforce Least-Privilege Access Segmentation for Third-Party Infrastructure 76\u003c\/p\u003e \u003cp\u003eTransaction: Scan All Content Within the Infra for Third-Party Malicious Activity and Data Theft 77\u003c\/p\u003e \u003cp\u003eZero Trust and Third-Party Infrastructure Summary 78\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Zero Trust and Fourth-Party Cloud (SaaS) 79\u003c\/b\u003e\u003c\/p\u003e 
\u003cp\u003eCloud Service Providers and Zero Trust 80\u003c\/p\u003e \u003cp\u003eZero Trust in Amazon Web Services 81\u003c\/p\u003e \u003cp\u003eZero Trust in Azure 83\u003c\/p\u003e \u003cp\u003eZero Trust in Azure Storage 85\u003c\/p\u003e \u003cp\u003eZero Trust on Azure Virtual Machines 87\u003c\/p\u003e \u003cp\u003eZero Trust on an Azure Spoke VNet 87\u003c\/p\u003e \u003cp\u003eZero Trust on an Azure Hub VNet 88\u003c\/p\u003e \u003cp\u003eZero Trust in Azure Summary 88\u003c\/p\u003e \u003cp\u003eZero Trust in Google Cloud 88\u003c\/p\u003e \u003cp\u003eIdentity-Aware Proxy 89\u003c\/p\u003e \u003cp\u003eAccess Context Manager 90\u003c\/p\u003e \u003cp\u003eZero Trust in Google Cloud Summary 91\u003c\/p\u003e \u003cp\u003eVendors and Zero Trust Strategy 91\u003c\/p\u003e \u003cp\u003eZero Trust at Third Parties as a Requirement 91\u003c\/p\u003e \u003cp\u003eA Starter Zero Trust Security Assessment 92\u003c\/p\u003e \u003cp\u003eA Zero Trust Maturity Assessment 95\u003c\/p\u003e \u003cp\u003ePillar 1: Identity 98\u003c\/p\u003e \u003cp\u003ePillar 2: Device 101\u003c\/p\u003e \u003cp\u003ePillar 3: Network\/Environment 104\u003c\/p\u003e \u003cp\u003ePillar 4: Application\/Workload 107\u003c\/p\u003e \u003cp\u003ePillar 5: Data 110\u003c\/p\u003e \u003cp\u003eCross-cutting Capabilities 113\u003c\/p\u003e \u003cp\u003eZero Trust Maturity Assessment for Critical Vendors 115\u003c\/p\u003e \u003cp\u003ePart I: Zero Trust and Third-Party Risk Explained Summary 119\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Apply the Lessons from Part I 121\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 KC Enterprises: Lessons Learned in ZT and CTPR 123\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKristina Conglomerate Enterprises 124\u003c\/p\u003e \u003cp\u003eKC Enterprises’ Cyber Third-Party Risk Program 127\u003c\/p\u003e \u003cp\u003eKC Enterprises’ Cybersecurity Policy 127\u003c\/p\u003e \u003cp\u003eScope 
127\u003c\/p\u003e \u003cp\u003ePolicy Statement and Objectives 128\u003c\/p\u003e \u003cp\u003eCybersecurity Program 128\u003c\/p\u003e \u003cp\u003eClassification of Information Assets 129\u003c\/p\u003e \u003cp\u003eA Really Bad Day 130\u003c\/p\u003e \u003cp\u003eThen the Other Shoe Dropped 133\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Plan for a Plan 139\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKC's ZT and CTPR Journey 139\u003c\/p\u003e \u003cp\u003eDefine the Protect Surface 143\u003c\/p\u003e \u003cp\u003eMap Transaction Flows 146\u003c\/p\u003e \u003cp\u003eArchitecture Environment 148\u003c\/p\u003e \u003cp\u003eDeploy Zero Trust Policies 159\u003c\/p\u003e \u003cp\u003eLogical Policies and Environmental Changes 159\u003c\/p\u003e \u003cp\u003eZero Trust for Third-Party Users at KC Enterprises 161\u003c\/p\u003e \u003cp\u003eThird-Party User and Device Integrity 161\u003c\/p\u003e \u003cp\u003eThird-Party Least-Privileged Access 163\u003c\/p\u003e \u003cp\u003eThird-Party User and Device Scanning 165\u003c\/p\u003e \u003cp\u003eZero Trust for Third-Party Applications at KC Enterprises 166\u003c\/p\u003e \u003cp\u003eThird-Party Application Development and Workload Integrity 166\u003c\/p\u003e \u003cp\u003eThird-Party Application Least-Privileged Access Workload to Workload 168\u003c\/p\u003e \u003cp\u003eThird-Party Application Scanning 168\u003c\/p\u003e \u003cp\u003eZero Trust for Third-Party Infrastructure at KC Enterprises 169\u003c\/p\u003e \u003cp\u003eThird-Party User Access to Infrastructure 169\u003c\/p\u003e \u003cp\u003eThird-Party Device Integrity 170\u003c\/p\u003e \u003cp\u003eThird-Party Infrastructure Segmentation 170\u003c\/p\u003e \u003cp\u003eThird-Party Infrastructure Scanning 171\u003c\/p\u003e \u003cp\u003eWritten Policy Changes 172\u003c\/p\u003e \u003cp\u003eIdentity and Access Management Program 172\u003c\/p\u003e \u003cp\u003eVulnerability Management Program 173\u003c\/p\u003e \u003cp\u003eCybersecurity Incident 
Management Program 174\u003c\/p\u003e \u003cp\u003eCybersecurity Program 175\u003c\/p\u003e \u003cp\u003eCybersecurity Third-Party Risk Program 175\u003c\/p\u003e \u003cp\u003eThird-Party Security Standard 177\u003c\/p\u003e \u003cp\u003eInformation Security Addendum 181\u003c\/p\u003e \u003cp\u003eAssessment Alignment and Due Diligence 198\u003c\/p\u003e \u003cp\u003eThird-Party Risk Management Program 202\u003c\/p\u003e \u003cp\u003eLegal Policies 203\u003c\/p\u003e \u003cp\u003eMonitor and Maintain 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II: Apply the Lessons from Summary 206\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAcknowledgments 209\u003c\/p\u003e \u003cp\u003eAbout the Author 211\u003c\/p\u003e \u003cp\u003eAbout the Technical Editor 211\u003c\/p\u003e \u003cp\u003eIndex 213\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":49407603310935,"sku":"9781394203147","price":21.24,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781394203147.jpg?v=1730499905","url":"https:\/\/bookcurl.com\/products\/zero-trust-and-thirdparty-risk-9781394203147","provider":"Book Curl","version":"1.0","type":"link"}