Outside-in cyber review
From ACT Wiki
Cyber security - due diligence - preliminary work.
An outside-in cyber review is a limited scope assessment of another organisation's cyber security, using information in the public domain.
It is sometimes known as open-source intelligence (OSINT).
- Outside-in review for an acquirer
- "At the preparation stage, an acquirer or an investor will have no access, or extremely limited access, to the potential acquisition target...
- There may be recent domain name registrations, which have the potential for domain name spoofing during the M&A process.
- These registrations can be searched for ahead of any process beginning in earnest.
- Dark web searches, a review of information on the ICO’s database, digital profiling and digital reconnaissance, and any public information that might be available will all be part of an outside-in review.
- It will involve checks for:
  - Breached credentials and passwords related to the high-level domain of the target, which may be found being traded on the dark web;
  - Whether key individuals’ email addresses have been compromised;
  - Occurrences of [other] data leaks... which may also be traded on the dark web...
- It is possible that the outside-in review may reveal significant cyber risks that constitute a red flag for the deal to proceed."
- Cyber security in corporate finance - ICAEW - 2024 - p16.
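One way to run the search for recent lookalike registrations mentioned in the quoted passage is to score a list of newly registered domains against the target's own domain. This is an added example, not part of the ICAEW text or the ACT Wiki; the target domain, the registration feed, the substitution table and all function names are constructed for illustration, and domain names are assumed to have the simple form label.tld.

```python
import unicodedata
from datetime import date

# Small constructed subset of lookalike substitutions; extend for real use.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold a label for comparison: lowercase, strip accents, map lookalikes."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c))
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, target):
    """Return why candidate resembles target, or None. Assumes 'label.tld' names."""
    c_label, _, c_tld = candidate.lower().partition(".")
    t_label, _, t_tld = target.lower().partition(".")
    if (c_label, c_tld) == (t_label, t_tld):
        return None  # the target's own domain
    if c_label == t_label:
        return "tld-swap"  # same name under a different TLD
    cs, ts = skeleton(c_label), skeleton(t_label)
    if cs == ts:
        return "homoglyph"  # differs only by lookalike characters
    if edit_distance(cs, ts) <= 1:
        return "typo"  # one character added, dropped or changed
    return "affix" if ts in cs else None  # target name plus extra words

def review(feed, target, since):
    """Flag lookalikes of target registered on or after `since`."""
    return [(d, w) for d, reg in feed if reg >= since and (w := classify(d, target))]

# Constructed registration feed and review window, using reserved TLDs; not real data.
SINCE = date(2024, 4, 1)
FEED = [
    ("northbridge.test", date(2024, 5, 2)), ("n0rthbridge.example", date(2024, 5, 3)),
    ("nothbridge.example", date(2024, 5, 4)), ("northbridge-payments.example", date(2024, 5, 5)),
    ("riverbank.example", date(2024, 5, 5)), ("northbridqe.example", date(2023, 1, 10)),
]
```

Calling `review(FEED, "northbridge.example", SINCE)` returns the four recent lookalikes with the reason each was flagged; the older `northbridqe.example` entry falls outside the review window and is left out.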
See also
- Acquisition
- Compromise
- Corporate finance
- Credential stuffing
- Cyber attack
- Cyber breach
- Cyber risk
- Cyber security
- Cyber security: protecting your business and your clients
- Cyber threat intelligence
- Dark web
- Deal
- Domain
- Domain name spoofing
- Due diligence
- ICAEW
- Information Commissioner's Office (ICO)
- M&A
- Open source
- Public domain