Course Outline
Introduction
- The time and cost of cyber risk management vs the time and cost of a disruption to the supply chain.
Key Cyber Supply Chain Risks
- In-house software and hardware vulnerabilities
- Third-party hardware and software vulnerabilities
- In-house security knowledge and practices
- Third-party security knowledge and practices
Supply Chain Cyber Risk Case Study
- Risk exposure through third-party software
Tools and Techniques for Attacking a Supply Chain
- Malware
- Ransomware
- Adware
Supply Chain Cyber Risk Case Study
- Outsourcing to an external website builder
Cyber Supply Chain Security Principles
- Assume your system will be breached.
- Cybersecurity as a technology + people + process + knowledge problem.
- Physical vs cybersecurity
Supply Chain Cyber Risk Case Study
- Outsourcing data storage to a third-party provider
Assessing Your Organization's Risk Level
- Hardware and software design processes
- Mitigation of known vulnerabilities
- Knowledge of emerging vulnerabilities
- Monitoring of production systems and processes
Supply Chain Cyber Risk Case Study
- Cyber attacks by internal members of the team
Internal Security Threats
- Disgruntled employees and not-so-disgruntled employees
- Access to login credentials
- Access to IoT devices
Forming Collaborative Partnerships
- Proactive vs punitive approach to vendor risk
- Achieving a common objective
- Fostering growth
- Mitigating risks
A Model for Implementing Supply Chain Cyber Security
- Vetting suppliers
- Establishing control
- Continuous monitoring and improvement
- Training and education
- Implementing multiple layers of protection
- Creating a cyber-crisis team
Summary and Conclusion
Requirements
- Experience with supply chains
Audience
- Supply chain managers and stakeholders
Testimonials (5)
All is satisfactory
Motaz Abdallat - شركة الشرق الأدنى للتواصل الإجتماعي
Course - Open Source Intelligence (OSINT) Advanced
General course information
Paulo Gouveia - EID
Course - C/C++ Secure Coding
Questions that help me a lot to understand the characteristics of the CRISC examination.
Masakazu Yoshijima - Bank of Yokohama, Ltd.
Course - CRISC - Certified in Risk and Information Systems Control
Piotr was incredibly knowledgeable and very patient. He was great at explaining things and I'd strongly recommend this course to others.
Victoria Harper
Course - Open Source Cyber Intelligence - Introduction
Instructor delivery of information; At the end of the day it was Gaurav who pulled off this topic focusing on building strong fundamentals and devising a methodology to be retained with us