(Supply-Chain) Risk Management according to ISO/IEC27036
4.3 (4 ratings)
34 students enrolled
Understanding Supply-Chain Information Security Risk Management
Created by Michael Goedeker
Last updated 8/2015
English
Current price: $10 Original price: $75 Discount: 87% off
30-Day Money-Back Guarantee
Includes:
  • 2 hours on-demand video
  • 1 Supplemental Resource
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Understand Supply-Chain
  • Understand ICT Supply-Chain Risks
  • Understand how to address Information Security risks
  • Understand what ISO/IEC27036 is and how it links to the 2700X family
Requirements
  • Be curious
Description

Cyber threats, hackers, espionage and warfare are increasing the number of successful attacks on critical infrastructure and on companies of all sizes. We have technologies that are somewhat successful at blocking and stopping "some" of these attacks.

Amidst these threat vectors, many people forget some of the most obvious targets, such as the supply chain and the security of data, information and IP as it passes from the outsourcing company (the acquirer) to the supplier. An example of this type of attack is what happened to Gemalto, one of the biggest SIM manufacturers in the world.

Supply chain risk management, in its simplest form:

  1. Concentrates on identifying supply chain information security risks and the likelihood of those risks being exploited through missing governance, missing processes and misunderstandings between acquirer and supplier
  2. Identifies which types of risk a company, or possibly a nation, is likely to face if supply chain risks and suppliers are not managed correctly
  3. Helps you identify which risks you have, based on the type of supplier, and, more importantly, which assets you need to protect
  4. Chooses mechanisms, processes and procedures that can mitigate and minimize some of those risks
Who is the target audience?
  • Anyone involved in InfoSec, Risk Management, Supply Chain Management or Security
Curriculum For This Course
15 Lectures 02:20:25

Introduction to Supply-Chain Risk Management
14 Lectures 02:07:25

This is an introduction to the course, what we will be looking at and why this is important to anyone interested in information security and supply chain security.

Preview 00:48

This section explains what risk management is and what the major components of a simple risk management approach and program are. (copyright 2014-2015 M.Goedeker)

Preview 04:35

This lecture discusses the terms and some definitions commonly used in supply chain information security and the ISO/IEC 27036.

Preview 06:42

This section discusses the need for external companies, based on process, product, service or a mixture of services, in order to fulfill production and manufacturing needs.

Reasons for information security in outsourcing and for supply chain
08:24

This section explains the different types of suppliers. Each supplier type has a specific relationship and specific requirements, as well as its own risk aspects.

Supplier relationships
14:38

Introducing suppliers into any supply chain that are not part of the company (external suppliers) adds risks to governance and information security. This section explains the underlying issues with external companies and with securing data and information while producing products and services.

Info Sec risks and threats in the supply chain
12:13

As multiple suppliers are added into the mix of risks, outsourcing IT, data and information security into a multi-tiered supplier network makes governance and security more complex. This section discusses the unique challenges involving multi-tiered suppliers and their IT security risks.

ICT Supply Chain and additional risks of outsourcing
09:29

Guidance on implementing controls and mechanisms to manage information security within the supply chain.

Managing supplier and supply chain information security
07:16

This is the structure of the ISO/IEC standard for Information security in supplier relationships.

ISO/IEC27036 IT Security for supplier relationships
12:56

Supply chains can also be involved in critical infrastructure and require that certain processes and mechanisms be in place to prove compliance at the national level. This requires knowledge from both the acquirer and the supplier about which relevant laws and regulations apply to the outsourced services and products in the supply chain.

National considerations to supply chain info sec
08:58

Supply chains can also be involved in (globally relevant) critical infrastructure and require that certain processes and mechanisms be in place to prove compliance at the international level. This requires knowledge from both the acquirer and the supplier about which relevant laws and regulations apply to the outsourced services and products in the supply chain. As the supply chain becomes more dispersed into multiple tiers, so does the complexity and range of monitoring needed to ensure that proper security measures are in place.

International considerations to supply chain info sec
11:35

In order to satisfy the reporting and mitigation of risks at certain levels, an acquirer or regulatory entity may request that suppliers either submit to a second-party audit or submit proof of an internal audit. In reality many suppliers have pushed back, but as regulatory issues and compliance grow this will change, as customers expect this to be possible. (Copyright 2014-2015 M.Goedeker)

Internal, Self and External Audits of Suppliers
11:40

This section looks at ways in which a company can limit or reduce risks and monitor suppliers' adherence to compliance and regulatory requirements by implementing mechanisms, procedures, processes and agreements.

Ways of mitigating supply chain risks and suppliers
06:37

This lecture provides a short overview of some areas or vectors / factors of supply chain attacks from nation-states, competitors or attackers (cyber espionage, warfare, or crime). (Copyright 2014-2015 M.Goedeker)

Attack vectors / factors in supply chain hacks and attacks
11:34
Exam
0 Lectures 00:00

This exam checks to see that course participants have understood the concepts and basics of Supply chain information security risk management. (Copyright 2014-2015 M.Goedeker)

Introduction to Risk Management (Basics Exam)
7 questions
Course Materials
1 Lecture 00:00

Here are additional documents and inputs that will help you understand aspects of this introduction to supply chain security and information security based on ISO27036 and best practices.

Course Presentation & Materials
13 pages
About the Instructor
Michael Goedeker
4.1 Average rating
310 Reviews
6,558 Students
5 Courses
Cyber Security Researcher, Speaker & Trainer, M.Sc. CISSP

Michael has worked on multiple projects globally, from architecture to cyber security, working with some of the biggest Fortune 50 companies and within the top 5 of the consulting industry. Some companies he has worked with and for include Accenture, Avanade, Dell, FSC, HP, IBM, Microsoft, Sophos and Symantec.

Michael's company (HakDefNet) currently does research and projects focused on Global Cyber Threats, International Business and Security Leadership, aimed at making security products, processes, solutions and defense against cyber threats as easy to understand and implement as possible. Michael is also the author of the chapter "Cyber Security: Future IT-Security Challenges for Tomorrow's Leaders and Businesses", and recently participated in an interview with IGI Global Promotions Coordinator Ann Lupold, elaborating on emerging issues in cyber security and cyber espionage, as well as the challenges that leaders and businesses face in confronting such issues. He has also written for various IT, Channel and Business publications and newspapers internationally.

Michael is also certified as an ISO/IEC27001:2013 Lead Auditor and is the first cyber security trainer to ever be keynote speaker at Davos.