Privileged Access Management - by Gregory C Rasner & Maria C Rasner (Paperback)

Book Synopsis

Zero trust is a strategy that identifies critical, high-risk resources and greatly reduces the risk of a breach. Zero trust accomplishes this by leveraging key tools, technologies, and governance around Privileged Access Management (PAM). These identities and accounts that have elevated access are the key targets of the bad actors and nearly every event, breach, or incident that occurs is the result of a privileged account being broken into.

Many organizations struggle to control these elevated accounts, what tools to pick, how to implement them correctly, and implement proper governance to ensure success in their zero trust strategy. This book defines a strategy for zero trust success that includes a privileged access strategy with key tactical decisions and actions to guarantee victory in the never-ending war against the bad actors.

What You Will Learn:

• The foundations of Zero Trust security and Privileged Access Management.
• Tie-ins to the ZT strategy and discussions about successful implementation with strategy and governance.
• How to assess your security landscape including current state, risk-based gaps, tool and technology selection, and assessment output.
• A step-by-step strategy for Implementation, including planning, execution, governance, and root-cause analysis.

Who This Book is for:

• C-level suite: not designed to be overly technical, but cover material enough to allow this level to be conversant in strategy and leadership needs to success.
• Director-level in Cyber and IT: this level of personnel are above the individual contributors (IC) and require the information in this book to translate the strategy goals set by C-suite and the tactics required for the ICs to implement and govern.
• GRC leaders and staff.
• Individual Contributors: while not designed to be a technical manual for engineering staff, it does provide a Rosetta Stone for themto understand how important strategy and governance are to their success.

About the Author

Gregory C. Rasner (CISSP, CIPM, ITIL, CCNA) is the founder and CEO of Third Party Threat Hunting LLC, bringing his unique and extensive knowledge of third-party, supply chain, and cybersecurity risk to the market. He is the author of the books "Cybersecurity & Third-Party Risk: Third-Party Threat Hunting" (Wiley, 2021) and "Zero Trust and Third-Party Risk" (Wiley, 2023), and the content creator of the training and certification program "Third-Party Cyber Risk Assessor (TPCRA)" (Third Party Risk Association, 2023). He frequently serves as a keynote speaker and panelist on topics related to cybersecurity and risk management, along with writing blogs, podcasts, and online articles. Greg was the SVP and Leader for Cyber Third-Party Risk at Truist Financial Corp., and he received his B.A. from Claremont McKenna College. He is also actively engaged in leadership roles with cybersecurity and third-party risk task forces, boards, and industry groups.

Maria C. Rasner (CISM, CCSK, CCZT, ITIL) has extensive experience in Identity and Access Management (IAM) and Privileged Access Management (PAM). She has run governance, operations, remediation, implementation, and large IAM and PAM programs at small to large enterprises. Her experience and certifications include cloud certifications in Microsoft and AWS and implementation of PIM in the cloud. Maria has published several articles in the ISSA online journal and Identity Defined Security Alliance. Maria is passionate about mentoring others and has been part of her organization's WIT (Women in IT) program to help empower women achieve their career goals in IT. Maria currently works for a large US bank as an IAM leader.