- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
Align TPRM and cybersecurity, classify supply chain risks, build a lifecycle program, and map NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and EO 14028 to evidence and audits.
Key Features
Align procurement, legal, and security priorities around shared risk outcomes
Apply a clear taxonomy for cyber, operational, regulatory, and reputational risk
Use a lifecycle blueprint to structure assessment and ongoing oversight
Map NIST C-SCRM, ISO/IEC 27036, DORA, and EO 14028 to audit evidence
Book DescriptionModern organizations rely on complex vendor ecosystems, but third-party risk management (TPRM) and cybersecurity often operate in silos. This book shows how to connect vendor risk management with supply chain cybersecurity using a practical, lifecycle-driven approach.
You'll design a program covering onboarding, vendor risk assessment, continuous monitoring, and offboarding. You'll begin by examining why TPRM and cybersecurity often operate in separate lanes, and what that gap costs in downtime, breach impact, and compliance exposure. Next, you'll develop a modern taxonomy of supply chain risk, including fourth-party dependencies and software supply chain concerns, so risk discussions use consistent categories and measurable assumptions.
From there, you'll adopt a lifecycle-based model to structure vendor onboarding, assessment, monitoring, and offboarding—supported by vendor tiering, segmentation, and control mapping. The final chapter focuses on the regulatory blueprint: how to interpret NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and Executive Order 14028, then convert them into evidence-driven controls and audit-ready documentation.
What you will learn
Learn how vendor ecosystems become attack paths
Categorize third- and fourth-party supply chain risks
Create risk tiers and segmentation based on business impact
Design a lifecycle workflow from onboarding to offboarding
Select controls using NIST and ISO supply chain guidance
Translate DORA, GDPR, and EO 14028 duties into controls
Prepare evidence packs for audits and regulator questions
Plan continuous monitoring beyond annual questionnaires
Who this book is forThis book is for cybersecurity leaders, TPRM/VRM practitioners, risk managers, and procurement professionals who need a repeatable way to evaluate and monitor vendors and critical suppliers. It also helps compliance stakeholders who need a shared, workable method to manage supplier cyber exposure. Basic familiarity with security principles and vendor management helps.
Contents
Table of Contents
The Disconnect — TPRM vs. Cybersecurity in the Supply Chain
The New Attack Surface — A Taxonomy of Supply Chain Risks
The Foundational Framework — A TPRM-Driven Security Lifecycle
The Regulatory Blueprint — Navigating Key Frameworks
