Outside-in cyber review: Difference between revisions
From ACT Wiki
Jump to navigationJump to search
(Add quote.) |
(Add link.) |
||
Line 39: | Line 39: | ||
*[[Cyber security]] | *[[Cyber security]] | ||
*[[Cyber security: protecting your business and your clients]] | *[[Cyber security: protecting your business and your clients]] | ||
*[[Cyber threat intelligence]] | |||
*[[Dark web]] | *[[Dark web]] | ||
*[[Deal]] | *[[Deal]] | ||
Line 53: | Line 54: | ||
==Other resource== | ==Other resource== | ||
*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024] | *[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024] | ||
[[Category:Accounting,_tax_and_regulation]] | [[Category:Accounting,_tax_and_regulation]] | ||
[[Category:The_business_context]] | [[Category:The_business_context]] |
Latest revision as of 21:35, 21 July 2024
Cyber security - due diligence - preliminary work.
An outside-in cyber review is a limited scope assessment of another organisation's cyber security, using information in the public domain.
It is sometimes known as open-source intelligence (OSINT).
- Outside-in review for an acquirer
- "At the preparation stage, an acquirer or an investor will have no access, or extremely limited access, to the potential acquisition target...
- There may be recent domain name registrations, which have the potential for domain name spoofing during the M&A process.
- These registrations can be searched for ahead of any process beginning in earnest.
- Dark web searches, a review of information on the ICO’s database, digital profiling and digital reconnaissance, and any public information that might be available will all be part of an outside-in review.
- It will involve checks for:
- Breached credentials and passwords related to the high-level domain of the target, which may be found being traded on the dark web;
- Whether key individuals’ email addresses have been compromised;
- Occurrences of [other] data leaks... which may also be traded on the dark web...
- It is possible that the outside-in review may reveal significant cyber risks that constitute a red flag for the deal to proceed."
- Cyber security in corporate finance - ICAEW - 2024 - p16.
See also
- Acquisition
- Compromise
- Corporate finance
- Credential stuffing
- Cyber attack
- Cyber breach
- Cyber risk
- Cyber security
- Cyber security: protecting your business and your clients
- Cyber threat intelligence
- Dark web
- Deal
- Domain
- Domain name spoofing
- Due diligence
- ICAEW
- Information Commissioner's Office (ICO)
- M&A
- Open source
- Public domain