Outside-in cyber review: Difference between revisions

From ACT Wiki
(Create page - source - ICAEW - https://www.treasurers.org/hub/technical/cyber-security-guide-2024)
 
(Add quote.)
 
Line 4: Line 4:


It is sometimes known as open-source intelligence (OSINT).
It is sometimes known as open-source intelligence (OSINT).
:<span style="color:#4B0082">'''''Outside-in review for an acquirer'''''</span>
:"At the preparation stage, an acquirer or an investor will have no access, or extremely limited access, to the potential acquisition target...
:There may be recent domain name registrations, which have the potential for domain name spoofing during the M&A process.
:These registrations can be searched for ahead of any process beginning in earnest.
:Dark web searches, a review of information on the ICO’s database, digital profiling and digital reconnaissance, and any public information that might be available will all be part of an outside-in review.
:It will involve checks for:
:*Breached credentials and passwords related to the high-level domain of the target, which may be found being traded on the dark web;
:*Whether key individuals’ email addresses have been compromised;
:*Occurrences of [other] data leaks... which may also be traded on the dark web...
:It is possible that the outside-in review may reveal significant cyber risks that constitute a red flag for the deal to proceed."
:''Cyber security in corporate finance - ICAEW - 2024 - p16.''




==See also==
==See also==
*[[Acquisition]]
*[[Compromise]]
*[[Corporate finance]]
*[[Credential stuffing]]
*[[Cyber attack]]
*[[Cyber attack]]
*[[Cyber breach]]
*[[Cyber breach]]
Line 13: Line 40:
*[[Cyber security: protecting your business and your clients]]
*[[Cyber security: protecting your business and your clients]]
*[[Dark web]]
*[[Dark web]]
*[[Deal]]
*[[Domain]]
*[[Domain name spoofing]]
*[[Due diligence]]
*[[Due diligence]]
*[[ICAEW]]
*[[Information Commissioner's Office]]  (ICO)
*[[M&A]]
*[[Open source]]
*[[Open source]]
*[[Public domain]]
*[[Public domain]]
==Other resource==
*[https://www.treasurers.org/hub/technical/cyber-security-guide-2024 Cyber security in corporate finance - ICAEW - 2024]
[[Category:Accounting,_tax_and_regulation]]
[[Category:The_business_context]]


[[Category:Accounting,_tax_and_regulation]]
[[Category:Accounting,_tax_and_regulation]]
[[Category:The_business_context]]
[[Category:The_business_context]]
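
Review bot: the two category tags show up twice in this hunk, once directly under the new "Other resource" link and again after the blank lines that follow. If both pairs are present in the saved wikitext, drop one so that [[Category:Accounting,_tax_and_regulation]] and [[Category:The_business_context]] each appear once at the foot of the page, separated from the link list by a blank line.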

Latest revision as of 17:18, 6 February 2024

Cyber security - due diligence - preliminary work.

An outside-in cyber review is a limited scope assessment of another organisation's cyber security, using information in the public domain.

It is sometimes known as open-source intelligence (OSINT).


Outside-in review for an acquirer
"At the preparation stage, an acquirer or an investor will have no access, or extremely limited access, to the potential acquisition target...
There may be recent domain name registrations, which have the potential for domain name spoofing during the M&A process.
These registrations can be searched for ahead of any process beginning in earnest.


Dark web searches, a review of information on the ICO’s database, digital profiling and digital reconnaissance, and any public information that might be available will all be part of an outside-in review.
It will involve checks for:
  • Breached credentials and passwords related to the high-level domain of the target, which may be found being traded on the dark web;
  • Whether key individuals’ email addresses have been compromised;
  • Occurrences of [other] data leaks... which may also be traded on the dark web...


It is possible that the outside-in review may reveal significant cyber risks that constitute a red flag for the deal to proceed."
Cyber security in corporate finance - ICAEW - 2024 - p16.


See also


Other resource