Product Description
Move beyond the checklist and fully protect yourself from third-party cybersecurity risk
Over the last decade, there have been hundreds of big-name organizations in every sector that have experienced a public breach due to a vendor. While the media tends to focus on high-profile breaches like those that hit Target in 2013 and Equifax in 2017, 2020 has ushered in a huge wave of cybersecurity attacks, a near 800% increase in cyberattack activity as millions of workers shifted to working remotely in the wake of a global pandemic.
The 2020 SolarWinds supply-chain attack illustrates the lasting impact of this dramatic increase in cyberattacks. Using a technique known as Advanced Persistent Threat (APT), a sophisticated hacker stole information from multiple organizations, from Microsoft to the Department of Homeland Security, not by attacking targets directly but by attacking a trusted partner or vendor. In addition to exposing third-party risk vulnerabilities for other hackers to exploit, the damage from this one attack alone will continue for years, and there are no signs that cyber breaches are slowing.
Cybersecurity and Third-Party Risk delivers proven, active, and predictive risk reduction strategies and tactics designed to keep you and your organization safe. Cybersecurity and IT expert and author Gregory Rasner shows you how to transform third-party risk from an exercise in checklist completion to a proactive and effective process of risk mitigation.
- Understand the basics of third-party risk management
- Conduct due diligence on third parties connected to your network
- Keep your data and sensitive information current and reliable
- Incorporate third-party data requirements for offshoring, fourth-party hosting, and data security arrangements into your vendor contracts
- Learn valuable lessons from devastating breaches suffered by other companies like Home Depot, GM, and Equifax
The time to talk cybersecurity with your data partners is now.
Cybersecurity and Third-Party Risk is a must-read resource for business leaders and security professionals looking for a practical roadmap to avoiding the massive reputational and financial losses that come with third-party security breaches.
About the Author
GREGORY C. RASNER is the lead of Cyber Third-Party Risk at Truist Financial Corporation. He has extensive experience in cybersecurity and technology leadership in banking, biotech, software, telecom, and manufacturing. He is the author of several published articles on Third Party Risk and is a sought-after keynote speaker in this area.