Supply Chain Risk Management(SCRM) ISO/IEC27036 / ISO28000
What you'll learn
- Understand Supply-Chain
- Understand ICT Supply-Chain Risks
- Understand how to address Information Security risks
- Understand what ISO/IEC27036 is and how it links to the 2700X family
Requirements
- Be curious
Description
In today's Supply Chain, cyber threats, hackers, espionage, and warfare are increasing the amount of successful attacks on critical infrastructure and companies of all sizes. We have technologies that are somewhat successful at blocking and stopping "some" attacks. But what happens when we need supply chain security or risk management? The things we wear, eat, and need would no longer exist. Risk Management is not the sexier of areas in security, but since it is so invisible, it is just as important as secure coding or SOC.
Amidst these threat vectors, many people forget some of the most prominent targets, like the supply chain and the security of data, information, and IP, as it leaves the outsourcing company (acquirer) to the supplier. An example of this type of attack is what happened to one of the biggest SIM manufacturers in the world, Gemalto.
Supply chain risk management in its simplest form:
Concentrates on identifying supply chain information security risks and the likelihood of those risks being exploited by missing governance, processes, and misunderstandings between acquirer and supplier
What types of risks are likely to a company or possibly a nation if supply chain risks and suppliers are not managed correctly
Help you identify which risks you have based on the type of supplier and, more importantly, which assets you need to protect
Choose mechanisms, processes, and procedures that can mitigate and minimize some risks
Who this course is for:
- Anyone involved in InfoSec, Risk Management, Supply Chain Management or Security
Instructor
Hi, my name is Mike and I have been working in the IT and Security space for more than 30 years. As a result of this long time in the security and technology industry I have amassed more than 15 separate certifications ranging from CISSP to more specific ones like SIEM Engineer. My academic life has seen multiple degrees and research as well from the apprenticeship all the way up to Doctoral Research for Heriot Watt University in Edinburgh and my Masters at Ulster University in Ireland.
I am an author of 5 books in English and 3 in German as well as multiple articles, reports and papers on topics ranging from Cyberbullying in Social Networks up to and including Nation State Cyber Warfare and Espionage.
Health-wise I have completed my Trainer Certification as well as Meditation, Fitness Instructor and also Tai-Chi Qi Gong training for relaxation, anti stress and other forms of holistic health practices.
My specialities are Security, Cybersecurity, Cyber Risk, Intelligence, IT Technologies, Stress, Risk Management, Business Leadership, Business Management / Economics, Doctoral Research, and Holistic Health.