Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions?
Sort By:
Oldest
Director of Network Transformationa year ago
Excellent question!! Folks, please share what should be included in a playbook/checklist. Let's crowdsource one!Group Director of Information Security in Banking4 months ago
I am assuming that you've been tasked with establishing cyber risk posture of the organisation someone is merging with or acquiring. The deliverables expected would be risk ratings or financial numbers on below 6 aspects:1. Potential complications for post-merger integration and overall degradation of security posture of the combined merged-network post merger (if any?).
2. Rate of occurrence of frequent or un-identified data breaches or possibility of a inheriting a pre-compromised network.
3. Threats to both customer and business data. State of data protection controls.
4. Risk of non compliance to regulatory obligations applicable.
5. Risk of systems compromise and backup plans due to insider threats (e.g. admins compromising network remotely under threat of losing their jobs.)
6. Cost of correcting existing problems including licensing non-compliance or unknown/uncatered for licensing (primarily opex).
Task gets murky if the workloads are hybrid or multi-cloud based.
If the above 6 makes sense, its easy to create a quick playbook yourself until crowdsourcing takes shape.
Sr. Director in Healthcare and Biotecha month ago
A key area is risk associated with their 3rd party mgmt program and portfolio. those key partners are essential to understand and build plans to incorporate and mitigate. VP of IT in Manufacturinga month ago
Bring in a security company to scan their entire network for vulnerabilities, and make sure the worse ones are addressed before you connect their network to yours.