Course Outline
Introduction
- The time and cost of cyber risk management vs the time and cost from a disruption to the supply chain.
Key Cyber Supply Chain Risks
- In-house software and hardware vulnerabilities
- Third party hardware and software vulnerabilities
- In-house security knowledge and practices
- Third-party security knowledge and practices
Supply Chain Cyber Risk Case Study
- Risk exposure through third-party software
Tools and Techniques for Attacking a Supply Chain
- Malware
- Ransomware
- Adware
Supply Chain Cyber Risk Case Study
- Outsourcing to an external website builder
Cyber Supply Chain Security Principles
- Assume your system will be breached.
- Cybersecurity as a technology + people + process + knowledge problem.
- Physical vs cybersecurity
Supply Chain Cyber Risk Case Study
- Outsourcing data storage to a third-party provider
Assessing Your Organization's Risk Level
- Hardware and software design processes
- Mitigation of known vulnerabilities
- Knowledge of emerging vulnerabilities
- Monitoring of production systems and processes
Supply Chain Cyber Risk Case Study
- Cyber attacks by internal members of the team
Internal Security Threats
- Disgruntled employees and not so-disgruntled employees
- Access to login credentials
- Access IoT devices
Forming Collaborative Partnerships
- Proactive vs punitive approach to vendor risk
- Achieving a common objective
- Fostering growth
- Mitigating risks
A Model for Implementing Supply Chain Cyber Security
- Vetting suppliers
- Establishing control
- Continuous monitoring and improvement
- Training and education
- Implementing multiple layers of protection
- Creating a cyber-crisis team
Summary and Conclusion
Requirements
- Experience with supply chains
Audience
- Supply chain managers and stakeholders
Testimonials (5)
Overview of Risk topics and preparing for exam
Leszek - EY GLOBAL SERVICES (POLAND) SP Z O O
Course - CRISC - Certified in Risk and Information Systems Control
Lap Qradar
Sutthikan Noisombat - NTT
Course - IBM Qradar SIEM: Beginner to Advanced
Instructor delivery of information; At the end of the day it was Gaurav who pulled off this topic focusing on building strong fundamentals and devising a methodology to be retained with us
Raheal Akhtar - Dubai Government Human Resources Department
Course - Certified Ethical Hacker
Accessing tools and being able to ask questions to someone friendly who I felt wouldn't judge me
Kiara
Course - Open Source Cyber Intelligence - Introduction
The simple explanation of the trainer