The Cybersecurity Due Diligence Handbook by John Reed Stark

Cybersecurity due diligence has been defined as “the review of the governance, processes and controls that are used to secure information assets,” which is a broad and sweeping undertaking equal to, or even more important than, financial and legal due diligence considerations. Shareholders, regulators, employees, management and everyone else involved in a transaction expect cybersecurity due diligence to be a substantial effort to understand a company’s data security issues. So what does proper and appropriate cybersecurity due diligence entail? This cybersecurity due diligence primer, specially tailored to apply to all kinds of corporate transactions involving all kinds of companies will answer that question. Within this handbook, due diligence teams will find an exhaustive catalogue of categories that provide a bedrock of inquiry to help navigate cybersecurity due diligence responsibilities. In addition, this handbook provides the requisite strategic framework to engage in an intelligent, thoughtful and appropriate approach to understanding the cybersecurity risks existing at any company. By using this handbook, teams conducting cybersecurity due diligence not only can become more preemptive in evaluating cybersecurity risk exposure, but they also can successfully elevate cybersecurity from an ancillary IT concern to a core enterprise-wide risk management issue, residing at the top of any due diligence checklist.