- ホーム
- > 洋書
- > 英文書
- > Business / Economics
Full Description
Cybersecurity is typically viewed as the boogeyman, and vendors are responsible for 63% of reported data breaches in organisations. And as businesses grow, they will use more and more third parties to provide specialty services. Typical cybersecurity training programs focus on phishing awareness and email hygiene. This is not enough. Navigating Supply Chain Cyber Risk: A Comprehensive Guide to Managing Third Party Cyber Risk helps companies establish cyber vendor risk management programs and understand cybersecurity in its true context from a business perspective.
The concept of cybersecurity until recently has revolved around protecting the perimeter. Today we know that the concept of the perimeter is dead. The corporate perimeter in cyber terms is no longer limited to the enterprise alone, but extends to its business partners, associates, and third parties that connect to its IT systems. This book, written by leaders and cyber risk experts in business, is based on three years of research with the Fortune 1000 and cyber insurance industry carriers, reinsurers, and brokers and the collective wisdom and experience of the authors in Third Party Risk Management, and serves as a ready reference for developing policies, procedures, guidelines, and addressing evolving compliance requirements related to vendor cyber risk management. It is unique since it provides strategies and learnings that have shown to lower risk and demystify cyber risk when dealing with third and fourth parties.
The book is essential reading for CISOs, DPOs, CPOs, Sourcing Managers, Vendor Risk Managers, Chief Procurement Officers, Cyber Risk Managers, Compliance Managers, and other cyber stakeholders, as well as students in cyber security.
Contents
Part I: The Case for Supply Chain Cyber Risk Management, 1: The Extended Enterprise, 2: Know Your Supply Chain, 3: Notable Supply Chain Cyber Events, 4: Challenges in Vendor Cyber Risk Management, Part II: Vendor Cyber Risk Management- Regulations and Compliance, 5: Vendor Cybersecurity Regulations, 6: HIPAA and Vendor Cyber Risk Management, 7: General Data Protection Regulation (GDPR), 8: California Consumer Privacy Act (CCPA), 9: New York State Department of Financial Services (NYDFS) Part 500, 10: Defense Federal Acquisition Regulation Supplement (DFARS), 11: Frameworks and Certifications,12: Attestations and Assessment Utilities, 13: SOC 2 Report, Part III: Building the Vendor Cyber Risk Management Program, 14: Preparation, 15: Due Diligence, 16: Risk Assessments, 17: Vendor Risk Quantification, 18: The Role of Policy & Procedure, 19: Internal Audit, 20: Third-Party Vendor Audit, Part IV: Future Perspectives in Vendor Cyber Risk Management, 21: The Way Forward
