TPRM driven Supply Chain Cybersecurity : Connecting TPRM and supply chain security for operational resilience



  • Binding: Paperback
  • Language: ENG
  • Product code: 9781806708116

Full Description

Integrate cybersecurity into TPRM to reduce vendor breach impact, meet DORA and NIST C-SCRM expectations, and monitor fourth-party exposure using SBOM-driven diligence, threat intelligence, and automation.

Key Features

Design a TPRM lifecycle linking vendor risk to cyber outcomes
Map NIST, ISO 27036, DORA, and GDPR to audit-ready controls
Enforce contracts, SLAs, and due diligence across third and fourth parties
Implement continuous monitoring beyond questionnaires
Develop breach response playbooks with SBOM

Book Description

Modern organizations rely on complex vendor ecosystems, but third-party risk management (TPRM) and cybersecurity often operate in silos. This book shows how to connect vendor risk management with supply chain cybersecurity using a practical, lifecycle-driven approach.
You'll design a program covering onboarding, vendor risk assessment, continuous monitoring, and offboarding. Instead of static questionnaires, you'll use threat intelligence, security ratings, and real-world signals to strengthen third-party security and improve decisions across procurement, legal, and security teams.
The book aligns practices with NIST supply chain risk management (C-SCRM), ISO 27036, DORA compliance, and GDPR, translating them into audit-ready controls and governance.
You'll learn how to embed vendor due diligence into contracts, manage fourth-party risk, and extend security requirements across suppliers. It also covers SBOM (Software Bill of Materials) standards such as SPDX and CycloneDX to improve software supply chain transparency.
Finally, you'll develop vendor breach response playbooks and apply automation and AI-driven risk scoring to scale your program. By the end, you can build a resilient, intelligence-led TPRM capability.

What you will learn

Build a TPRM lifecycle for supply chain cybersecurity
Perform vendor risk assessment and tiering
Align with NIST C-SCRM, ISO 27036, and DORA
Embed vendor due diligence into contracts and SLAs
Identify and manage fourth-party risk exposure
Apply SBOM (SPDX, CycloneDX) to supplier security
Run vendor breach response for supply chain incidents
Use AI and automation to scale vendor risk management

Who this book is for

This book is for cybersecurity leaders, TPRM/VRM practitioners, risk managers, and procurement professionals who need a repeatable way to evaluate and monitor vendors and critical suppliers. Compliance teams and in-house counsel working with DORA, GDPR, HIPAA, and related requirements will also benefit. Basic familiarity with security principles and vendor management helps.

Table of Contents

The Disconnect — TPRM vs. Cybersecurity in the Supply Chain
The New Attack Surface — A Taxonomy of Supply Chain Risks
The Foundational Framework — A TPRM-Driven Security Lifecycle
The Regulatory Blueprint — Navigating Key Frameworks
The Legal Foundation — Embedding Cyber into Contracts
The Unseen Threat — Managing Fourth-Party Risk
Deep Dive - Threat Intelligence, Uncovering Hidden Risks
The Incident Blueprint — Responding to Third- and Fourth-Party Breaches
Measuring and Advancing TPRM Maturity
Connecting TPRM and SCM - Due Diligence of Suppliers and Understanding Threats
Understanding Your Service Provider SBOM - Applying First-Party SBOM Due Diligence to All Service Providers
The Technological Imperative — Leveraging AI and Automation
The Software Ingredient List — SBOM and Software Supply Chain Security
Building an Advanced Program — From Compliance to Resilience