Outside-in cyber review: Difference between revisions
From ACT Wiki
(Create page - source - ICAEW - https://www.treasurers.org/hub/technical/cyber-security-guide-2024) |
(Add link.) |
||
(One intermediate revision by the same user not shown) | |||
Line 4: | Line 4: | ||
It is sometimes known as open-source intelligence (OSINT). | It is sometimes known as open-source intelligence (OSINT). | ||
:<span style="color:#4B0082">'''''Outside-in review for an acquirer'''''</span> | |||
:"At the preparation stage, an acquirer or an investor will have no access, or extremely limited access, to the potential acquisition target... | |||
:There may be recent domain name registrations, which have the potential for domain name spoofing during the M&A process. | |||
:These registrations can be searched for ahead of any process beginning in earnest. | |||
:Dark web searches, a review of information on the ICO’s database, digital profiling and digital reconnaissance, and any public information that might be available will all be part of an outside-in review. | |||
:It will involve checks for: | |||
:*Breached credentials and passwords related to the high-level domain of the target, which may be found being traded on the dark web; | |||
:*Whether key individuals’ email addresses have been compromised; | |||
:*Occurrences of [other] data leaks... which may also be traded on the dark web... | |||
:It is possible that the outside-in review may reveal significant cyber risks that constitute a red flag for the deal to proceed." | |||
:''Cyber security in corporate finance - ICAEW - 2024 - p16.'' | |||
==See also== | ==See also== | ||
*[[Acquisition]] | |||
*[[Compromise]] | |||
*[[Corporate finance]] | |||
*[[Credential stuffing]] | |||
*[[Cyber attack]] | *[[Cyber attack]] | ||
*[[Cyber breach]] | *[[Cyber breach]] | ||
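Review bot: the citation line under the quoted passage (''Cyber security in corporate finance - ICAEW - 2024 - p16.'') carries no link, so a reader cannot get from the quote to its source without going to the resource list at the bottom of the page; suggest making that line an external link to the guide. The heading line above the quote also hard-codes its colour with an inline span style (color:#4B0082), which would be better served by a shared template or class if the wiki has one.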
Line 12: | Line 39: | ||
*[[Cyber security]] | *[[Cyber security]] | ||
*[[Cyber security: protecting your business and your clients]] | *[[Cyber security: protecting your business and your clients]] | ||
*[[Cyber threat intelligence]] | |||
*[[Dark web]] | *[[Dark web]] | ||
*[[Deal]] | |||
*[[Domain]] | |||
*[[Domain name spoofing]] | |||
*[[Due diligence]] | *[[Due diligence]] | ||
*[[ICAEW]] | |||
*[[Information Commissioner's Office]] (ICO) | |||
*[[M&A]] | |||
*[[Open source]] | *[[Open source]] | ||
*[[Public domain]] | *[[Public domain]] | ||
==Other resource== | |||
*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024] | |||
[[Category:Accounting,_tax_and_regulation]] | [[Category:Accounting,_tax_and_regulation]] | ||
[[Category:The_business_context]] | [[Category:The_business_context]] |
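Review bot: the new "Other resource" entry labels the guide as ICAEW while its URL points to treasurers.org; suggest saying in the link text who hosts the document so the attribution and the link agree. With a single entry, the heading could also be checked against the wiki's usual section name for external links.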
Latest revision as of 21:35, 21 July 2024
Cyber security - due diligence - preliminary work.
An outside-in cyber review is a limited scope assessment of another organisation's cyber security, using information in the public domain.
It is sometimes known as open-source intelligence (OSINT).
- Outside-in review for an acquirer
- "At the preparation stage, an acquirer or an investor will have no access, or extremely limited access, to the potential acquisition target...
- There may be recent domain name registrations, which have the potential for domain name spoofing during the M&A process.
- These registrations can be searched for ahead of any process beginning in earnest.
- Dark web searches, a review of information on the ICO’s database, digital profiling and digital reconnaissance, and any public information that might be available will all be part of an outside-in review.
- It will involve checks for:
- Breached credentials and passwords related to the high-level domain of the target, which may be found being traded on the dark web;
- Whether key individuals’ email addresses have been compromised;
- Occurrences of [other] data leaks... which may also be traded on the dark web...
- It is possible that the outside-in review may reveal significant cyber risks that constitute a red flag for the deal to proceed."
- Cyber security in corporate finance - ICAEW - 2024 - p16.
See also
- Acquisition
- Compromise
- Corporate finance
- Credential stuffing
- Cyber attack
- Cyber breach
- Cyber risk
- Cyber security
- Cyber security: protecting your business and your clients
- Cyber threat intelligence
- Dark web
- Deal
- Domain
- Domain name spoofing
- Due diligence
- ICAEW
- Information Commissioner's Office (ICO)
- M&A
- Open source
- Public domain