Cybersecurity Third-Party Risk Management
Learn to identify, assess, and mitigate cybersecurity risks posed by third-party vendors and suppliers.
(CYBERSEC-TP-RISK.AE1) / ISBN: 978-1-64459-367-7
About This Course
Our third-party cyber risk course focuses on the growing threat of cyberattacks and supply chain vulnerabilities. Learn to identify and mitigate cybersecurity threats, conduct thorough due diligence on third-party vendors, and establish effective risk management strategies. Explore topics such as supply chain attacks, cloud security, data privacy, and compliance regulations.
Skills You’ll Get
- Identify and assess potential cybersecurity risks posed by third-party vendors and suppliers
- Conduct thorough due diligence on third-party vendors to evaluate their security practices and compliance with industry standards
- Use supply chain security best practices to prevent attacks and data breaches
- Take actions to ensure compliance with the relevant cybersecurity regulations and standards (e.g., GDPR, HIPAA, PCI DSS)
- Implement strategies based on cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001
- Maintain a proactive cybersecurity posture and continuously improve risk management processes
Interactive Lessons
17+ Interactive Lessons | 184+ Exercises | 131+ Quizzes | 136+ Flashcards | 136+ Glossary of terms
Gamified TestPrep
60+ Pre Assessment Questions | 60+ Post Assessment Questions
Hands-On Labs
17+ LiveLab | 17+ Video tutorials | 48+ Minutes
Introduction
- Who Will Benefit Most from This Course?
What Is the Risk?
- The SolarWinds Supply‐Chain Attack
- The VGCA Supply‐Chain Attack
- The Zyxel Backdoor Attack
- Other Supply‐Chain Attacks
- Problem Scope
- Compliance Does Not Equal Security
- Third‐Party Breach Examples
- Conclusion
Cybersecurity Basics
- Cybersecurity Basics for Third-Party Risk
- Cybersecurity Frameworks
- Due Care and Due Diligence
- Cybercrime and Cybersecurity
- Conclusion
What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk
- The Pandemic Shutdown
- SolarWinds Attack Update
- Conclusion
Third‐Party Risk Management
- Third‐Party Risk Management Frameworks
- The Cybersecurity and Third‐Party Risk Program Management
- The Kristina Conglomerate (KC) Enterprises
- Conclusion
Onboarding Due Diligence
- Intake
- Cybersecurity Third‐Party Intake
- Conclusion
Ongoing Due Diligence
- Low‐Risk Vendor Ongoing Due Diligence
- Moderate‐Risk Vendor Ongoing Due Diligence
- High‐Risk Vendor Ongoing Due Diligence
- “Too Big to Care”
- A Note on Phishing
- Intake and Ongoing Cybersecurity Personnel
- Ransomware: A History and Future
- Conclusion
On‐site Due Diligence
- On‐site Security Assessment
- On‐site Due Diligence and the Intake Process
- Conclusion
Continuous Monitoring
- What Is Continuous Monitoring?
- Enhanced Continuous Monitoring
- Third‐Party Breaches and the Incident Process
- Conclusion
Offboarding
- Access to Systems, Data, and Facilities
- Conclusion
Securing the Cloud
- Why Is the Cloud So Risky?
- Conclusion
Cybersecurity and Legal Protections
- Legal Terms and Protections
- Cybersecurity Terms and Conditions
- Conclusion
Software Due Diligence
- The Secure Software Development Lifecycle
- On‐Premises Software
- Cloud Software
- Open Web Application Security Project Explained
- Open Source Software
- Mobile Software
- Conclusion
Network Due Diligence
- Third‐Party Connections
- Zero Trust for Third Parties
- Conclusion
Offshore Third‐Party Cybersecurity Risk
- Onboarding Offshore Vendors
- Country Risk
- KC's Country Risk
- Conclusion
Transform to Predictive
- The Data
- Level Set
- A Mature to Predictive Approach
- The Predictive Approach at KC Enterprises
- Conclusion
Conclusion
Cybersecurity Basics
- Simulating the DoS Attack
- Performing a Phishing Attack
- Performing Local Privilege Escalation
What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk
- Establishing a VPN Connection
Ongoing Due Diligence
- Getting the TCP Settings and Information about the TCP Port
- Detecting a Phishing Site Using Netcraft
Continuous Monitoring
- Analyzing Malware
Offboarding
- Supplying Power to a SATA Drive
Securing the Cloud
- Creating an Elastic Load Balancer
- Working with Amazon S3
Software Due Diligence
- Attacking a Website Using XSS Injection
- Fuzzing Using OWASP ZAP
- Setting Up a Basic Web Server
Network Due Diligence
- Studying CVSS Exercises with the CVSS Calculator
- Setting up a DMZ
- Enabling the TPM
Offshore Third‐Party Cybersecurity Risk
- Using the Windows Firewall
Any questions? Check out the FAQs
We’ve compiled a list of FAQs to help you find the answers you need.
Risk in cybersecurity refers to the likelihood of a security breach or data loss that will adversely impact an organization’s operations, reputation, or financial stability.
Individuals in various roles can benefit from this course, including:
- IT professionals
- Security analysts
- Risk managers
- Compliance officers
- Business leaders
The duration of the third-party risk management training course depends on your prior knowledge and experience. However, you can complete it within 3-6 months.
- Third-party risk covers all potential risks associated with external entities, including vendors, suppliers, contractors, and business partners.
- Vendor risk management is a specific subset of third-party risk management that focuses on assessing and mitigating risks related to vendors.
Organizations of all sizes and industries can benefit from third-party risk management. But it is especially important for:
- Large enterprises with complex supply chains
- Organizations in highly regulated industries
- Companies that rely heavily on third-party vendors
Common types of third-party risk include:
- Operational risk
- Financial risk
- Reputational risk
- Legal risk
Yes, you can pursue third-party risk management certifications such as:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Risk Manager (CRM)