Using Cyber Supply Chain Risk Management (C-SCRM) to mitigate the risks associated with the distributed and interconnected nature of IT/OT product and service supply chains requires close coordination and information-sharing with reliable allies and constant monitoring for and evaluation of security risks and openings. Learners will gain a basic understanding of C-SCRM, including its central ideas, recommended procedures, and established norms. This course introduces how to create and execute effective C-SCRM strategies to safeguard their organizations’ IT and OT systems against cyber risks originating in the supply chain via a mix of theoretical understanding and real-world experiences.
Learning Objectives
Upon successful completion of this course, learners should have the knowledge and skills to:
- Detect supply chain threats and vulnerabilities
- Evaluate risk as part of supplier selection
- Examine third-party security policies, practices, and protocols
- Leverage supply chain security standards and frameworks
- Develop incident response and recovery
- Use C-SCRM to manage contracts
- Mitigate insider threats and monitor systems
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cybersecurity Management
- Program/Project Management and Acquisition
- Risk Management
- Systems Requirements Planning
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.