Course Outline

Introduction

  • The time and cost of cyber risk management vs the time and cost from a disruption to the supply chain.

Key Cyber Supply Chain Risks

  • In-house software and hardware vulnerabilities
  • Third party hardware and software vulnerabilities
  • In-house security knowledge and practices
  • Third-party security knowledge and practices

Supply Chain Cyber Risk Case Study

  • Risk exposure through third-party software

Tools and Techniques for Attacking a Supply Chain

  • Malware
  • Ransomware
  • Adware

Supply Chain Cyber Risk Case Study

  • Outsourcing to an external website builder

Cyber Supply Chain Security Principles

  • Assume your system will be breached.
  • Cybersecurity as a technology + people + process + knowledge problem.
  • Physical vs cybersecurity

Supply Chain Cyber Risk Case Study

  • Outsourcing data storage to a third-party provider

Assessing Your Organization's Risk Level

  • Hardware and software design processes
  • Mitigation of known vulnerabilities
  • Knowledge of emerging vulnerabilities
  • Monitoring of production systems and processes

Supply Chain Cyber Risk Case Study

  • Cyber attacks by internal members of the team

Internal Security Threats

  • Disgruntled employees and not so-disgruntled employees
  • Access to login credentials
  • Access IoT devices

Forming Collaborative Partnerships

  • Proactive vs punitive approach to vendor risk
  • Achieving a common objective
  • Fostering growth
  • Mitigating risks

A Model for Implementing Supply Chain Cyber Security

  • Vetting suppliers
  • Establishing control
  • Continuous monitoring and improvement
  • Training and education
  • Implementing multiple layers of protection
  • Creating a cyber-crisis team

Summary and Conclusion

Requirements

  • Experience with supply chains

Audience

  • Supply chain managers and stakeholders
  7 Hours
 

Need help picking the right course?
Call us +971 4871 6715

Testimonials

Ann is very knowledgeable on the subject. She is constantly varying pace according to the feedback. There is a lot of room for discussing attendee's own experiences. It was a great joy !.

Sjoerd Hulzinga - KPN p/a Bloomville

It was quite informal.

- Capita Business Services Ltd

Trainer covered a lot of ground over a relatively short period.

- Capita Business Services Ltd

I found it very interesting to learn all about what happens behind the scenes when it comes to IT systems. I also enjoyed learning about security and what hackers do as ethical hacking is an avenue I'm very keen in pursuing.

- Knowledge Pool/ DVLA

Richard was very knowledgeable in his field.

- Knowledge Pool/ DVLA

It was pitched at the right level - challenging but understandable & informative.

Louise Voisey - Capita Business Services Ltd

Hacking

Mohalmald Salim - PSO

Level of expertise from the trainer Use case examples

Pierre Maillot - Bosch

His deep knowledge of the IoT topic.

Bosch

Ron's experience on how to successfully implement IoT projects and the deep technical subjects covered.

Bosch

relevance of content to our I4.0 business environment

Bosch

Very knowledgeable trainer, was able to adjust to audience knowledge, excellent industry experience and ability to relate to audience needs Excellent content preparation , tailored to needs discussed beforehand. Good supplement reading materials prepared by trainer

Oliver Steinig - Bosch

Ron was very mindful of his audience and addressed everyone's questions. He checked his audience for clarity and was willing to spend the time to review a topic until everyone understood the topic. He gauged the audience for energy levels and suggested a break when he saw that the energy from the group was waning. This was much appreciated.

Bosch

The pace of training delivery.

Ian McInally - KnowledgePool

the exercises and group discussions.

KnowledgePool

The trainer was very knowledgeable and was happy to go at the pace of the attendees. He was polite and respectful to all those in attendance. I felt I learnt a lot from the course as the trainer was very succinct in his delivery when going through the PP slides. A really good, worth while course from my personal point of view.

Julie Price - KnowledgePool

The environment was really relaxed and open so everyone could ask questions or put across points of view or experience. David the trainer was a SME on the subject and his style was very good.

KnowledgePool

Tutorials

ICAO

The example and exercise

ICAO

I got more information regarding the web applications' security issues, the different tools that could be used to cope with these issues, and more advice from the trainer to handle all these issues.

ICAO

the list of tools

ICAO

how it was broken into the technical and security mindset aspects.

ICAO

Excercises.

ICAO

he is very knowledgeable and comprehensive.

ICAO

Matthew was very knowledge and has lot experience to share with us. it was very pleasant, as he take the time to listen to us and answer to our questions. Thank you Matthew, it was awesome.

ICAO

The second day, scenarios exercises.

Christina Hutchings - KnowledgePool

The real life examples Ron gave.

Bosch

I liked the trainer's introduction and anecdotes to make the learning more real

KnowledgePool

David's in depth knowledge. His relationship building skills with the audience. I really enjoyed the way he managed to make us (as a collective audience) enjoy the quite dry and uninteresing subject matter. He had anecdotes and knowledge of specific examples of security failings - hacker attacks - BCP 'breakdowns' etc which put flesh on the bones to the piece of legislation or 'best practice' for BCP that he was trying to teach us about. A really engaging, down to earth and personable man: A very good listener and a fabulous, charismatic trainer.

Cris Bollin - KnowledgePool

All is excellent

Manar Abu Talib - Dubai Electronic Security Center

- Understanding that ATT&CK creates a map that makes it easy to see, where an organization is protected and where the vulnerable areas are. Then to identify the security gaps that are most significant from a risk perspective. - Learn that each technique comes with a list of mitigations and detections that incident response teams can employ to detect and defend. - Learn about the various sources and communities for deriving Defensive Recommendations.

CHU YAN LEE - PacificLight Power Pte Ltd

He took his time to make sure everyone understood and were on the same wave length

Tina Hopkins - Capita Business Services Ltd

I found the training too in depth for IT beginners. There was too many high level subjects that i felt were too advanced for a beginner level.

Capita Business Services Ltd

Related Courses

Certified Chief Information Security Officer (CCISO)

  35 hours
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program
Read More...

Certified Ethical Hacker

  35 hours
Objectives: To prepare the student for the Ethical Hacking and Countermeasures examination. On passing this examination you will be awarded the Certified Ethical Hacker certification Target Audience: This course will significantly benefit
Read More...

Incident Response

  21 hours
Read More...

Threat Hunting

  21 hours
Read More...

Standard Java Security

  14 hours
Description The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only
Read More...

Java and Web Application Security

  21 hours
Description Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are
Read More...

Advanced Java Security

  21 hours
Even experienced Java programmers are not mastering by all means the various security services offered by Java, and are likewise not aware of the different vulnerabilities that are relevant for web applications written in Java. The course –
Read More...

Advanced Java, JEE and Web Application Security

  28 hours
Beyond solid knowledge in using Java components, even for experienced Java programmers it is essential to have a deep knowledge in web-related vulnerabilities both on server and client side, the different vulnerabilities that are relevant for web
Read More...

C/C++ Secure Coding

  21 hours
This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure
Read More...

Microsoft SDL Core

  14 hours
The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design
Read More...

.NET, C# and ASP.NET Security Development

  14 hours
A number of programming languages are available today to compile code to .NET and ASP.NET frameworks. The environment provides powerful means for security development, but developers should know how to apply the architecture- and coding-level
Read More...

Certificate of Cloud Security Knowledge

  14 hours
Description: This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of
Read More...

Fundamentals of Corporate Cyber Warfare

  14 hours
Cyber Warfare is a growing problem for enterprises. As attackers employ more and more sophisticated technologies to launch their attacks, it is vital for companies to understand the nature of these attacks and the defense mechanisms needed to keep
Read More...

Open Source Cyber Intelligence - Introduction

  7 hours
This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical
Read More...

Open Source Intelligence (OSINT) Advanced

  21 hours
Open Source Intelligence (OSINT) refers to any information that can legally be gathered from free, public sources about an individual or organization. OSINT also refers to the process of collecting this data, analyzing it, and using it for
Read More...