(Supply-Chain) Risk Management according to ISO/IEC 27036
What you'll learn
- Understand Supply-Chain
- Understand ICT Supply-Chain Risks
- Understand how to address Information Security risks
- Understand what ISO/IEC 27036 is and how it links to the 2700X family
- Be curious
Cyber threats, hackers, espionage and warfare are increasing the number of successful attacks on critical infrastructure and companies of all sizes. We have technologies that are somewhat successful at blocking and stopping "some" attacks.
Amidst these threat vectors, many people forget some of the most obvious targets, like the supply chain and the security of data, information and IP as it leaves the outsourcing company (acquirer) for the supplier. An example of this type of attack is what happened to one of the world's biggest SIM manufacturers, Gemalto.
Supply chain risk management in its simplest form:
- Concentrates on identifying supply chain information security risks and the likelihood of those risks being exploited through missing governance and processes, and through misunderstandings between acquirer and supplier
- Considers what types of risks a company, or possibly a nation, is likely to face if supply chain risks and suppliers are not managed correctly
- Helps you identify which risks you have based on the type of supplier and, more importantly, which assets you need to protect
- Helps you choose mechanisms, processes and procedures that can mitigate and minimize some risks
Who this course is for:
- Anyone involved in InfoSec, Risk Management, Supply Chain Management or Security
Hi, my name is Mike and I have been working in the IT and Security space for more than 30 years. As a result of this long time in the security and technology industry, I have amassed more than 15 separate certifications ranging from CISSP to more specific ones like SIEM Engineer. My academic life has seen multiple degrees and research as well, from the apprenticeship all the way up to Doctoral Research for Heriot-Watt University in Edinburgh and my Master's at Ulster University in Ireland.
I am an author of 5 books in English and 3 in German as well as multiple articles, reports and papers on topics ranging from Cyberbullying in Social Networks up to and including Nation State Cyber Warfare and Espionage.
Health-wise, I have completed my Trainer Certification as well as Meditation, Fitness Instructor and also Tai-Chi Qi Gong training for relaxation, anti-stress and other forms of holistic health practices.
My specialities are Security, Cybersecurity, Cyber Risk, Intelligence, IT Technologies, Stress, Risk Management, Business Leadership, Business Management / Economics, Doctoral Research, and Holistic Health.