Cyber ​​Security and Third Party Risk

Third party risk (or supply chain security) is not a new discipline and there are structures, regulatory directives, professional certifications and organizations that testify to its maturity. Cybersecurity can be considered more mature as it has been around in one form or another since computers reached their zenith in the 1970s. Nowadays it is even more difficult in terms of frameworks, disciplines, certifications, normative guidelines and directives, and areas of study. Why do surveys show time after time that more than 50% of organizations do not use some form of third party risk management (TPRM), and even fewer have anything other than a dedicated vendor cybersecurity due diligence program? The reasons for this lack of attention and cooperation can be found in the hundreds, if not thousands, of breaches and security incidents that have been the result of poor third-party oversight and a lack of any due diligence and due diligence on vendor cybersecurity.

This book is designed to explore the issues and risks in detail, and then provide concrete examples of how to build a robust and proactive third-party cybersecurity risk management program. It begins by describing the basics of due diligence processes and the supplier life cycle, with models and illustrations of how to create these basic but necessary steps. It then goes into more detail on the following parts of building a mature program: cyber-legal language, offshore vendors,
connection security, software security, and use of the Predictive Reporting Panel.