Table of Contents
1 Cover
3 Introduction Who Will Benefit Most from This Book Special Features
4 Chapter 1: What Is the Risk? The SolarWinds Supply‐Chain Attack The VGCA Supply‐Chain Attack The Zyxel Backdoor Attack Other Supply‐Chain Attacks Problem Scope Compliance Does Not Equal Security Third‐Party Breach Examples Conclusion
5 Chapter 2: Cybersecurity Basics Cybersecurity Basics for Third‐Party Risk Cybersecurity Frameworks Due Care and Due Diligence Cybercrime and Cybersecurity Conclusion
6 Chapter 3: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk The Pandemic Shutdown SolarWinds Attack Update Conclusion
7 Chapter 4: Third‐Party Risk Management Third‐Party Risk Management Frameworks The Cybersecurity and Third‐Party Risk Program Management Kristina Conglomerate (KC) Enterprises Conclusion
8 Chapter 5: Onboarding Due Diligence Intake Cybersecurity Third‐Party Intake Conclusion
9 Chapter 6: Ongoing Due Diligence Low‐Risk Vendor Ongoing Due Diligence Moderate‐Risk Vendor Ongoing Due Diligence High‐Risk Vendor Ongoing Due Diligence “Too Big to Care” A Note on Phishing Intake and Ongoing Cybersecurity Personnel Ransomware: A History and Future Conclusion
10 Chapter 7: On‐site Due Diligence On‐site Security Assessment On‐site Due Diligence and the Intake Process Conclusion
11 Chapter 8: Continuous Monitoring What Is Continuous Monitoring? Enhanced Continuous Monitoring Third‐Party Breaches and the Incident Process Conclusion
12 Chapter 9: Offboarding Access to Systems, Data, and Facilities Conclusion
13 Chapter 10: Securing the Cloud Why Is the Cloud So Risky? Conclusion
14 Chapter 11: Cybersecurity and Legal Protections Legal Terms and Protections Cybersecurity Terms and Conditions Conclusion
15 Chapter 12: Software Due Diligence The Secure Software Development Lifecycle On‐Premises Software Cloud Software Open Web Application Security Project Explained Open Source Software Mobile Software Conclusion
16 Chapter 13: Network Due Diligence