Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions? 

Security & GRC
4.2k views2 Upvotes4 Comments
Sort By:
Oldest
Director of Network Transformationa year ago
Excellent question!!  Folks, please share what should be included in a playbook/checklist.  Let's crowdsource one!
3
Group Director of Information Security in Banking4 months ago
I am assuming that you've been tasked with establishing cyber risk posture of the organisation someone is merging with or acquiring. The deliverables expected would be risk ratings or financial numbers on below 6 aspects:

1. Potential complications for post-merger integration and overall degradation of security posture of the combined merged-network post merger (if any?).
2. Rate of occurrence of frequent or un-identified data breaches or possibility of a inheriting a pre-compromised network.
3. Threats to both customer and business data. State of data protection controls.
4. Risk of non compliance to regulatory obligations applicable.
5. Risk of systems compromise and backup plans due to insider threats (e.g. admins compromising network remotely under threat of losing their jobs.)
6. Cost of correcting existing problems including licensing non-compliance or unknown/uncatered for licensing (primarily opex).

Task gets murky if the workloads are hybrid or multi-cloud based.
If the above 6 makes sense, its easy to create a quick playbook yourself until crowdsourcing takes shape.

Sr. Director in Healthcare and Biotecha month ago
A key area is risk associated with their 3rd party mgmt program and portfolio. those key partners are essential to understand and build plans to incorporate and mitigate. 
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
VP of IT in Manufacturinga month ago
Bring in a security company to scan their entire network for vulnerabilities, and make sure the worse ones are addressed before you connect their network to yours.
1

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & PlatformsCloudData & Analytics+15 more
Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago
Strategy & Architecture
Read More Comments
39k views5 Upvotes34 Comments

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

What cybersecurity topics do you think are critical for CIOs to be more involved in, even in orgs that have a CISO?

Relationship ManagementSecurity & GRCSecurity Strategy & Roadmap+1 more
Director of IT in Healthcare and Biotech9 days ago
Cybersecurity governance and risk management (setting up monitoring of emerging threats), data protection and privacy compliance (standardize on data protection across all channels), incident response and recovery planning ...read more
Read More Comments
1.3k views3 Comments

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
Director of Information Security9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more
Read More Comments
364 views3 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote