The CSSE Course offers a deep dive into the security risks associated with software supply chains, providing you with the knowledge and skills to identify, validate, and mitigate these risks.
Through hands-on exercises in our browser-based labs, you will gain real-world experience dealing with supply chain attack scenarios. Once you have compromised a system, you will also fix issues to gain a comprehensive understanding of supply chain issues.
We will begin the course with an overview of the risks involved in using commercial, open-source, and proprietary third-party code. You will then explore security threats involving container and orchestration systems like Kubernetes. Finally, we will showcase the attack scenarios involving the cloud and its managed services.
In the last sections of the course, you will map risks against MITRE ATT&CK and NIST SSDF frameworks to manage supply chain security effectively. You will also learn about the latest technologies and solutions for securing your software supply chain, as well as the role of industry standards and regulations.
By the end of this course, you will have a comprehensive understanding of supply chain attacks in code, containers, clusters, and the cloud.
Learning Objectives
1. Understanding the role of supply chain security in protecting organizations from attacks.
2. Identifying various supply chain attacks and how they can be exploited via code, container, clusters, and cloud
3. Developing strategies for assessing and mitigating supply chain risks.
Develop an understanding of best practices for supply chain management and security, including guidance from the SDF, CIS, SLSA, and SCVS frameworks.
4. Understand how supply chain security affects enterprise risk management frameworks.
5. Enforcing security best practices in external service providers/contractors.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.