Before you leave...
Take 20% off your first order
20% off
Enter the code below at checkout to get 20% off your first order
Discover summer reading lists for all ages & interests!
Find Your Next Read
Align TPRM and cybersecurity, classify supply chain risks, build a lifecycle program, and map NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and EO 14028 to evidence and audits.
Key Features:
- Align procurement, legal, and security priorities around shared risk outcomes
- Apply a clear taxonomy for cyber, operational, regulatory, and reputational risk
- Use a lifecycle blueprint to structure assessment and ongoing oversight
- Map NIST C-SCRM, ISO/IEC 27036, DORA, and EO 14028 to audit evidence
Book Description:
Modern organizations rely on complex vendor ecosystems, but third-party risk management (TPRM) and cybersecurity often operate in silos. This book shows how to connect vendor risk management with supply chain cybersecurity using a practical, lifecycle-driven approach.
You'll design a program covering onboarding, vendor risk assessment, continuous monitoring, and offboarding. You'll begin by examining why TPRM and cybersecurity often operate in separate lanes, and what that gap costs in downtime, breach impact, and compliance exposure. Next, you'll develop a modern taxonomy of supply chain risk, including fourth-party dependencies and software supply chain concerns, so risk discussions use consistent categories and measurable assumptions.
From there, you'll adopt a lifecycle-based model to structure vendor onboarding, assessment, monitoring, and offboarding-supported by vendor tiering, segmentation, and control mapping. The final chapter focuses on the regulatory blueprint: how to interpret NIST C-SCRM, ISO/IEC 27036, DORA, GDPR, and Executive Order 14028, then convert them into evidence-driven controls and audit-ready documentation.
What You Will Learn:
- Learn how vendor ecosystems become attack paths
- Categorize third- and fourth-party supply chain risks
- Create risk tiers and segmentation based on business impact
- Design a lifecycle workflow from onboarding to offboarding
- Select controls using NIST and ISO supply chain guidance
- Translate DORA, GDPR, and EO 14028 duties into controls
- Prepare evidence packs for audits and regulator questions
- Plan continuous monitoring beyond annual questionnaires
Who this book is for:
This book is for cybersecurity leaders, TPRM/VRM practitioners, risk managers, and procurement professionals who need a repeatable way to evaluate and monitor vendors and critical suppliers. It also helps compliance stakeholders who need a shared, workable method to manage supplier cyber exposure. Basic familiarity with security principles and vendor management helps.
Table of Contents
- The Disconnect - TPRM vs. Cybersecurity in the Supply Chain
- The New Attack Surface - A Taxonomy of Supply Chain Risks
- The Foundational Framework - A TPRM-Driven Security Lifecycle
- The Regulatory Blueprint - Navigating Key Frameworks
Thanks for subscribing!
This email has been registered!
Take 20% off your first order
Enter the code below at checkout to get 20% off your first order