Praise for ZERO TRUST AND THIRD-PARTY RISK

"What I appreciate the most about this book is Greg's description of zero trust as a strategy (not a technology) and a journey that organizations must continually work towards. This book is a must read for anyone wanting to further enhance their Third Party Risk Management programs."
--Julie Gaiaschi, CISM, CISA, Chief Executive Officer & Co-Founder, Third Party Risk Association

"Choose your own adventure: Whether it's the Solar Winds attack or the fictional KC Enterprises, Greg's anecdotes are a welcomed ice-bucket challenge to the cybersecurity and third-party risk management communities. This book offers a practical approach to effectively guide both cyber AND business leaders toward the intersection of cyber third-party risk and zero trust, with a goal of increasing security for all."
--Clar Rosso, CC, CEO, ISC², Inc.

"Rasner's Zero Trust and Third-Party Risk is essential reading for third-party risk analysts and security architects alike. At a strategic level, he raises the reality that zero-trust strategies and architectures are required to minimize vendor breach events and their impacts. At a tactical level, he lays out the zero-trust control requirements that should be foundational requirements for every high-risk vendor engagement."
--Kelly White, Founder and former CEO, Risk Recon

"A breach of your third and fourth parties is mathematically inevitable. This first line of the book is perhaps one of the most important for CISO's and those who work with them to understand and come to grips with. If it's inevitable, the question then becomes, what are you going to do about it? This book is a fantastic bridge between the world of compliance-heavy third party risk management activities and practitioner-focused zero trust frameworks. CISO's should take this book, bring it to their teams, use it as a foundation for building an integrated security model across their organizations."
--Robert Wood, CISO, Centers for Medicare & Medicaid Services

Dramatically lower the cyber risk posed by third-party software and vendors in your organization

In Zero Trust and Third-Party Risk, veteran cybersecurity leader Gregory Rasner delivers an accessible and authoritative walkthrough of the fundamentals and finer points of the zero trust philosophy and its application to the mitigation of third-party cyber risk. In this book, you'll explore how to build a zero trust program and nurture it to maturity. You will also learn how and why zero trust is so effective in reducing third-party cybersecurity risk.

The author uses the story of a fictional organization--KC Enterprises--to illustrate the real-world application of zero trust principles. He takes you through a full zero trust implementation cycle, from initial breach to cybersecurity program maintenance and upkeep. You'll also find:

• Explanations of the processes, controls, and programs that make up the zero trust doctrine
• Descriptions of the five pillars of implementing zero trust with third-party vendors
• Numerous examples, use-cases, and stories that highlight the real-world utility of zero trust

An essential resource for board members, executives, managers, and other business leaders, Zero Trust and Third-Party Risk will also earn a place on the bookshelves of technical and cybersecurity practitioners, as well as compliance professionals seeking effective strategies to dramatically lower cyber risk.