Zero Trust and Third-Party Risk: Reduce the Blast Radius

  • 3h 9m
  • Gregory C. Rasner
  • John Wiley & Sons (US)
  • 2023

Dramatically lower the cyber risk posed by third-party software and vendors in your organization

In Zero Trust and Third-Party Risk, veteran cybersecurity leader Gregory Rasner delivers an accessible and authoritative walkthrough of the fundamentals and finer points of the zero trust philosophy and its application to the mitigation of third-party cyber risk. In this book, you’ll explore how to build a zero trust program and nurture it to maturity. You will also learn how and why zero trust is so effective in reducing third-party cybersecurity risk.

The author uses the story of a fictional organization—KC Enterprises—to illustrate the real-world application of zero trust principles. He takes you through a full zero trust implementation cycle, from initial breach to cybersecurity program maintenance and upkeep. You’ll also find:

  • Explanations of the processes, controls, and programs that make up the zero trust doctrine
  • Descriptions of the five pillars of implementing zero trust with third-party vendors
  • Numerous examples, use cases, and stories that highlight the real-world utility of zero trust

An essential resource for board members, executives, managers, and other business leaders, Zero Trust and Third-Party Risk will also earn a place on the bookshelves of technical and cybersecurity practitioners, as well as compliance professionals seeking effective strategies to dramatically lower cyber risk.

About the Author

GREGORY C. RASNER is the author of the previous book Cybersecurity & Third-Party Risk: Third-Party Threat Hunting and the content creator of the training and certification program "Third-Party Cyber Risk Assessor" (Third Party Risk Association, 2023). Greg is the co-chair of the ISC2 Third-Party Risk Task Force and is an advisor to local colleges on technology and cybersecurity.

In this Book

  • Foreword
  • Introduction: Reduce the Blast Radius
  • Overview of Zero Trust and Third-Party Risk
  • Zero Trust and Third-Party Risk Model
  • Zero Trust and Fourth-Party Cloud (SaaS)
  • KC Enterprises: Lessons Learned in ZT and CTPR
  • Plan for a Plan