Cybersecurity and Third-Party Risk
J**S
Good overall but full of typos and such
This book is a great read overall for anyone in cybersecurity or even senior management trying to understand 3rd party risk. However, I found a number of typos throughout this book, including a glaring error. On page 110 this book refers to HIPPA and calls it Health Insurance Portability and Privacy Act. No such act even exists! It's called HIPAA and it's Health Insurance Portability and Accountability Act. Come on! Loses 2 stars just for that error and the various typos. Ignoring all that the content is worth a read. I hope the author comes out with a revision in the future. I'll edit my review if and when these are fixed.
K**R
Great all around guide to developing an effective TPRM program.
Purchased this book as I work as a Cybersecurity Assessor for a major financial institution. Great all around structure on building an effective third-party risk management program from the ground up. Everything from handling objections from senior management, to building a team of Subject Matter Experts who are the backbone of the Assessment Process. I wholeheartedly agree that hiring skilled Information Security Assessors is key to the program and identifying security risks within an organization's third-party supplier network. Businesses can no longer simply rely on a "Checkbox" mentality for data security. Compliance does NOT equal Security. Every organization which processes PII, PHI, NPII data needs to understand that unless you take a Risk Based Approach to securing where your data is being shared, processed or stored, you are just asking for trouble. Well written material, easy to read and comprehend. You don't need to have years of experience in cybersecurity or information technology to understand the information presented in the book. I read through the book over a few evenings and while flying out to visit with some of our third-party suppliers to conduct a Trust-but-Verify Onsite Assessment. Highly recommend the book to any Cybersecurity Professionals, even if you have decades of hands-on experience like I do, this book will help you reinforce your knowledge. Plus, you can use it towards your CPE credit hours for your industry certifications.
R**S
Great book!
One of the greatest books about Cybersecurity I had the opportunity to read recently. Very comprehensive and directive.
S**.
Really good book around this subject area
Good book. Assumes very little knowledge of the subject so quite a slow start. Later chapters are better and really helpful
B**I
A must read for any serious TPRM assessor
Great training for any serious third party risk management team. Greg takes us on a ride through relevant threats and recent attacks, explaining the severity and loss incurred in financial, reputational, and operational terms. Each chapter will compel you to read more. I learned more about third party risk than I knew before going in and I'm grateful for the experience. Without becoming a spoiler alert I will say that one point Greg made stuck in my mind. Security Operations Centers MUST unite with the Third Party Risk Management team as a force multiplier to gain a full lens into the threats facing their organization from third party suppliers.