Fundamentals of Cybersecurity Supply Chain Risk Management (C-SCRM)
Audience Profile
The Cybersecurity Supply Chain Risk Management (C-SCRM) course is appropriate for anyone who deals with risk, security, or technology related to the supply chain in an organization. This includes business, security, and IT professionals and anyone else who is a C-SCRM stakeholder. This course is specifically for those who have responsibility for, or an interest in, C-SCRM. It is not a general IT security course.
Prerequisites
Basic computer knowledge and an interest in creating or improving Cybersecurity Supply Chain Risk Management (C-SCRM) in an organization.
Outline
MODULE 1: COURSE INTRODUCTION
Provides the student with information about the course, how it is conducted in the classroom and virtual classroom, and the course materials.
MODULE 2: THE BASICS OF CYBERSECURITY SUPPLY CHAIN RISK MANAGEMENT
What is C-SCRM
ICT, IT, OT, and Enterprise vs Organization
The Dimensions of SCRM
Describing the Supply Chain of an Enterprise
Internal C-SCRM Stakeholders
MODULE 3: AN OVERVIEW OF NIST SP 800-161R1
Name and Purpose
Relationship to other NIST Publications
o Cybersecurity Framework (NIST CSF)
o Describing the NIST 800 Special Publication Series
o SP 800-37, Revision 2: The NIST Risk Management Framework (RMF)
o SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View
o SP 800-53, Revision 5: Security and Privacy Controls for Information Systems and Organizations
o SP 800-53B Control Baselines for Information Systems and Organizations
o SP 800-181, Revision 1, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework
Design of the Publication
MODULE 4: INTEGRATION OF C-SCRM INTO ENTERPRISE RISK MANAGEMENT
The Enterprise Risk Management Process
The Business Case for C-SCRM
Cybersecurity Risks Throughout Supply Chains
Multilevel Risk Management
o Defining Roles and Responsibilities
o Level 1 – Enterprise
o Level 2 – Mission and Business Process
o Level 3 – Operational
C-SCRM Program Management Office (PMO)
MODULE 5: CRITICAL SUCCESS FACTORS IN C-SCRM
C-SCRM in Acquisition
Supply Chain Information Sharing
C-SCRM Training and Awareness
C-SCRM Key Practices
Capability Implementation Measurement and C-SCRM Measures
Dedicated Resources
MODULE 6: C-SCRM SECURITY CONTROLS
Introduction and Background
Controls Design
C-SCRM Controls Throughout the Enterprise
o Applying C-SCRM Controls to Acquiring
o Considerations for Suppliers
o Considerations for Developers and Manufacturers
o Considerations for System Integrators
o Considerations for External System Service Providers of Information System Services
o Considerations for Other ICT/OT-Related Service Providers
Selecting, Tailoring, and Implementing C-SCRM Security Controls
C-SCRM Control Family Summaries
MODULE 7: THE RISK EXPOSURE FRAMEWORK
Threat Scenario Description and Use Cases
Risk Exposure Framework
o Step 1: Create a Plan for Developing and Analyzing Threat Scenarios
o Step 2: Characterize the Environment
o Step 3: Develop and Select Threat Events for Analysis
o Step 4: Conduct an Analysis Using the Risk Exposure Framework
o Step 5: Determine C-SCRM Applicable Controls
o Step 6: Evaluate/Feedback
Risk Exposure Framework Example
Risk Exposure Framework Scenarios
o Scenario 1: Influence or Control by Foreign Governments Over Suppliers
o Scenario 2: Telecommunications Counterfeits
o Scenario 3: Industrial Espionage
o Scenario 4: Malicious Code Insertion
o Scenario 5: Unintentional Compromise
o Scenario 6: Vulnerable Reused Components Within Systems
MODULE 8: A PRIMER ON CREATING A C-SCRM PROGRAM
C-SCRM Strategy and Implementation Plan
C-SCRM Policy
C-SCRM Plan
Cybersecurity Supply Chain Risk Assessment Template