Cybersecurity and Third-Party Risk. Gregory C. Rasner
Connections Zero Trust for Third Parties Conclusion
17 Chapter 14: Offshore Third‐Party Cybersecurity Risk Onboarding Offshore Vendors Country Risk KC's Country Risk Conclusion
18 Chapter 15: Transform to Predictive The Data Level Set A Mature to Predictive Approach The Predictive Approach at KC Enterprises Conclusion
20 Index
21 Copyright
22 Dedication
23 (ISC)2®
27 Foreword
List of Tables
1 Chapter 12TABLE 11.1 CVE/CVSS SCORES
List of Illustrations
1 Chapter 2FIGURE 2.1 The CIA TriadFIGURE 2.2 The NIST Cybersecurity FrameworkFIGURE 2.3 The Five Steps to a Breach
2 Chapter 4FIGURE 4.1 The Four Pillars of ICT SCRMFIGURE 4.2 The Calculation FlowFIGURE 4.3 The Four Lines of Defense Model
3 Chapter 5FIGURE 5.1 The Cyber TPR LifecycleFIGURE 5.2 The RFP to IRQ to Intake ProcessFIGURE 5.3 Masking or De‐Identifying Tests in Lower‐Level Environments
4 Chapter 7FIGURE 7.1 The On‐site Assessment Lifecycle
5 Chapter 8FIGURE 8.1 The Continuous Monitoring Process
6 Chapter 10FIGURE 10.1 SaaS, PaaS, and IaaS StacksFIGURE 10.2 The Shared Responsibility Model
7 Chapter 13FIGURE 13.1 The Vendor Connection LifecycleFIGURE 13.2 Vendor Enclaves in ZT for Third PartiesFIGURE 13.3 An SDP GatewayFIGURE 13.4 The TPM Process
8 Chapter 15FIGURE 15.1 The Data Funnel to ReportingFIGURE 15.2 Red, Yellow, and Green Vendors
Guide
Pages
1 i
2 xviii
3 xix
4 xx
5 xxi
6 xxii
7 1
8 3
9 4
10 5
11 6
12 7
13 8
14 9
15 10
16 11
17 12
18 13
19 14
20 15
21 16
22 17
23 18
24 19
25 20
26 21
27 22
28 23
29 24
30