Fundamentals of Cybersecurity Supply Chain Risk Management (C-SCRM)
This two-day course consists not only of training in understanding Cybersecurity Supply Chain Risk Management (C-SCRM) but also provides guidance in preparing organizations to deal with the myriad of risks that come from the supply chain. It covers the basics of C-SCRM and then dives deeply into NIST C-SCRM guidance, integration into enterprise risk management, success factors, controls, and implementing effective C-SCRM through the lens of several realistic scenarios. Also included is a primer, linked to free templates, on creating your own C-SCRM program.
Course Information
Price: $1,595.00
Duration: 2 days
Certification:
Exam:
Continuing Education Credits:
Learning Credits:
Check out our full list of training locations and learning formats. Please note that the location you choose may be an Established HD-ILT location with a virtual live instructor.
Train face-to-face with the live instructor.
Access to on-demand training content anytime, anywhere.
Attend the live class from the comfort of your home or office.
Interact with a live, remote instructor from a specialized, HD-equipped classroom near you. An SLI sales rep will confirm location availability prior to registration confirmation.
All Sunset Learning dates are guaranteed to run!
Register
- Please Contact Us to request a class date or speak with someone about scheduling options.
Prerequisites:
Basic computer knowledge and an interest in creating or improving Cybersecurity Supply Chain Risk Management (C-SCRM) in an organization.
Target Audience:
The Cybersecurity Supply Chain Risk Management (C-SCRM) course is appropriate for anyone who deals with risk, security, or technology related to the supply chain in an organization. This includes business, security, and IT professionals or anyone else who is a stakeholder in Cybersecurity Supply Chain Risk Management (C-SCRM). This course is specifically for those who have responsibility for or interest in C-SCRM.
Course Objectives:
Course Outline:
MODULE 1: COURSE INTRODUCTION
- Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom, and course materials.
MODULE 2: THE BASICS OF CYBERSECURITY SUPPLY CHAIN RISK MANAGEMENT
- What is C-SCRM
- ICT, IT, OT, and Enterprise vs Organization
- The Dimensions of SCRM
- Describing the Supply Chain of an Enterprise
- Internal C-SCRM Stakeholders
MODULE 3: AN OVERVIEW OF NIST SP 800-161R1
- Name and Purpose
- Relationship to other NIST Publications
- Cybersecurity Framework (NIST CSF)
- Describing the NIST 800 Special Publication Series
- SP 800-37, Revision 2: The NIST Risk Management Framework (RMF)
- SP 800-39, Managing Information Security Risk: Organization, Mission, and
- Information System View
- SP 800-53, Revision 5: Security and Privacy Controls for Information Systems and Organizations
- SP 800-53B Control Baselines for Information Systems and Organizations
- SP 800-181, Revision 1, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
- Design of the Publication
MODULE 4: INTEGRATION OF C- SCRM INTO ENTERPRISE RISK MANAGEMENT
- The Enterprise Risk Management Process
- The Business Case for C-SCRM
- Cybersecurity Risks Throughout Supply Chains
- Multilevel Risk Management
- Defining Roles and Responsibilities
- Level 1 – Enterprise
- Level 2 – Mission and Business Process
- Level 3 – Operational
- C-SCRM Program Management Office (PMO)
MODULE 5: CRITICAL SUCCESS FACTORS IN C-SCRM
- C-SCRM in Acquisition
- Supply Chain Information Sharing
- C-SCRM Training and Awareness
- C-SCRM Key Practices
- Capability Implementation Measurement and C-SCRM Measures
- Dedicated Resources
MODULE 6: C-SCRM SECURITY CONTROLS
- Introduction and Background
- Controls Design
- C-SCRM Controls Throughout the Enterprise
- Applying C-SCRM Controls to Acquiring
- Considerations for Suppliers
- Considerations for Developers and Manufacturers
- Considerations for System Integrators
- Considerations for External System Service Providers of Information System Services
- Considerations for Other ICT/OT-Related Service Providers
- Selecting, Tailoring, And Implementing C-SCRM Security Controls
- C-SCRM Control Family Summaries
MODULE 7: THE RISK EXPOSURE FRAMEWORK
- Threat Scenario Description and Use Cases
- Risk Exposure Framework
- Step 1: Create a Plan for Developing and Analyzing Threat Scenarios
- Step 2: Characterize the Environment
- Step 3: Develop and Select Threat Events for Analysis
- Step 4: Conduct an Analysis Using the Risk Exposure Framework
- Step 5: Determine C-SCRM Applicable Controls
- Step 6: Evaluate/Feedback
- Risk Exposure Framework Example
- Risk Exposure Framework Scenarios
- Scenario 1: Influence or Control by Foreign Governments Over Suppliers
- Scenario 2: Telecommunications Counterfeits
- Scenario 3: Industrial Espionage
- Scenario 4: Malicious Code Insertion
- Scenario 5: Unintentional Compromise
- Scenario 6: Vulnerable Reused Components Within Systems
MODULE 8: A PRIMER ON CREATING A C-SCRM PROGRAM
- C-SCRM Strategy and Implementation Plan
- C-SCRM Policy
- C-SCRM Plan
- Cybersecurity Supply Chain Risk Assessment Template