TPRM-Driven Supply Chain Cybersecurity: Connecting TPRM and supply chain security for operational resilience
暫譯: TPRM 驅動的供應鏈網絡安全:連接 TPRM 與供應鏈安全以實現運營韌性
Richardson, Eric, Pires, Filipi
- 出版商: Packt Publishing
- 出版日期: 2026-05-29
- 售價: $1,710
- 貴賓價: 9.5 折 $1,624
- 語言: 英文
- 頁數: 110
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1806708116
- ISBN-13: 9781806708116
-
相關分類:
資訊安全
海外代購書籍(需單獨結帳)
商品描述
Align TPRM and cybersecurity, classify supply chain risks, build a lifecycle program, and map NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and EO 14028 to evidence and audits.
Key Features:
- Align procurement, legal, and security priorities around shared risk outcomes
- Apply a clear taxonomy for cyber, operational, regulatory, and reputational risk
- Use a lifecycle blueprint to structure assessment and ongoing oversight
- Map NIST C-SCRM, ISO/IEC 27036, DORA, and EO 14028 to audit evidence
Book Description:
Modern organizations rely on complex vendor ecosystems, but third-party risk management (TPRM) and cybersecurity often operate in silos. This book shows how to connect vendor risk management with supply chain cybersecurity using a practical, lifecycle-driven approach.
You'll design a program covering onboarding, vendor risk assessment, continuous monitoring, and offboarding. You'll begin by examining why TPRM and cybersecurity often operate in separate lanes, and what that gap costs in downtime, breach impact, and compliance exposure. Next, you'll develop a modern taxonomy of supply chain risk, including fourth-party dependencies and software supply chain concerns, so risk discussions use consistent categories and measurable assumptions.
From there, you'll adopt a lifecycle-based model to structure vendor onboarding, assessment, monitoring, and offboarding-supported by vendor tiering, segmentation, and control mapping. The final chapter focuses on the regulatory blueprint: how to interpret NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and Executive Order 14028, then convert them into evidence-driven controls and audit-ready documentation.
What You Will Learn:
- Learn how vendor ecosystems become attack paths
- Categorize third- and fourth-party supply chain risks
- Create risk tiers and segmentation based on business impact
- Design a lifecycle workflow from onboarding to offboarding
- Select controls using NIST and ISO supply chain guidance
- Translate DORA, GDPR, and EO 14028 duties into controls
- Prepare evidence packs for audits and regulator questions
- Plan continuous monitoring beyond annual questionnaires
Who this book is for:
This book is for cybersecurity leaders, TPRM/VRM practitioners, risk managers, and procurement professionals who need a repeatable way to evaluate and monitor vendors and critical suppliers. It also helps compliance stakeholders who need a shared, workable method to manage supplier cyber exposure. Basic familiarity with security principles and vendor management helps.
Table of Contents
- The Disconnect - TPRM vs. Cybersecurity in the Supply Chain
- The New Attack Surface - A Taxonomy of Supply Chain Risks
- The Foundational Framework - A TPRM-Driven Security Lifecycle
- The Regulatory Blueprint - Navigating Key Frameworks