uCertify

Cybersecurity and Third-Party Risk

Learn to identify, assess, and mitigate cybersecurity risks posed by third-party vendors and suppliers.

(CYBERSEC-TP-RISK.AE1) / ISBN : 978-1-64459-367-7
Lessons
Lab
TestPrep
AI Tutor (Add-on)
105 Reviews
Get A Free Trial

About This Course

Our third-party cyber risk course focuses on the growing threat of cyberattacks and supply chain vulnerabilities. Learn to identify and mitigate cybersecurity threats, conduct thorough due diligence on third-party vendors, and establish effective risk management strategies. Explore topics such as supply chain attacks, cloud security, data privacy, and compliance regulations.

Skills You’ll Get

  • Identify and assess potential cybersecurity risks posed by third-party vendors and suppliers 
  • Conduct thorough due diligence on third-party vendors to evaluate their security practices and compliance with industry standards
  • Use supply chain security best practices to prevent attacks and data breaches 
  • Take actions to ensure compliance with the relevant cybersecurity regulations and standards (e.g. GDPR, HIPAA, PCI DSS) 
  • Implement strategies based on cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001 
  • Maintain a proactive cybersecurity posture and continuously improve risk management processes

Download Course Outline

1

Introduction

  • Who Will Benefit Most from This Course?
2

What Is the Risk?

  • The SolarWinds Supply‐Chain Attack
  • The VGCA Supply‐Chain Attack
  • The Zyxel Backdoor Attack
  • Other Supply‐Chain Attacks
  • Problem Scope
  • Compliance Does Not Equal Security
  • Third‐Party Breach Examples
  • Conclusion
3

Cybersecurity Basics

  • Cybersecurity Basics for Third-Party Risk
  • Cybersecurity Frameworks
  • Due Care and Due Diligence
  • Cybercrime and Cybersecurity
  • Conclusion
4

What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk

  • The Pandemic Shutdown
  • SolarWinds Attack Update
  • Conclusion
5

Third‐Party Risk Management

  • Third‐Party Risk Management Frameworks
  • The Cybersecurity and Third‐Party Risk Program Management
  • The Kristina Conglomerate (KC) Enterprises
  • Conclusion
6

Onboarding Due Diligence

  • Intake
  • Cybersecurity Third‐Party Intake
  • Conclusion
7

Ongoing Due Diligence

  • Low‐Risk Vendor Ongoing Due Diligence
  • Moderate‐Risk Vendor Ongoing Due Diligence
  • High‐Risk Vendor Ongoing Due Diligence
  • “Too Big to Care”
  • A Note on Phishing
  • Intake and Ongoing Cybersecurity Personnel
  • Ransomware: A History and Future
  • Conclusion
8

On‐site Due Diligence

  • On‐site Security Assessment
  • On‐site Due Diligence and the Intake Process
  • Conclusion
9

Continuous Monitoring

  • What Is Continuous Monitoring?
  • Enhanced Continuous Monitoring
  • Third‐Party Breaches and the Incident Process
  • Conclusion
10

Offboarding

  • Access to Systems, Data, and Facilities
  • Conclusion
11

Securing the Cloud

  • Why Is the Cloud So Risky?
  • Conclusion
12

Cybersecurity and Legal Protections

  • Legal Terms and Protections
  • Cybersecurity Terms and Conditions
  • Conclusion
13

Software Due Diligence

  • The Secure Software Development Lifecycle
  • On‐Premises Software
  • Cloud Software
  • Open Web Application Security Project Explained
  • Open Source Software
  • Mobile Software
  • Conclusion
14

Network Due Diligence

  • Third‐Party Connections
  • Zero Trust for Third Parties
  • Conclusion
15

Offshore Third‐Party Cybersecurity Risk

  • Onboarding Offshore Vendors
  • Country Risk
  • KC's Country Risk
  • Conclusion
16

Transform to Predictive

  • The Data
  • Level Set
  • A Mature to Predictive Approach
  • The Predictive Approach at KC Enterprises
  • Conclusion
17

Conclusion

1

Cybersecurity Basics

  • Simulating the DoS Attack
  • Performing a Phishing Attack
  • Performing Local Privilege Escalation
2

What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk

  • Establishing a VPN Connection
3

Ongoing Due Diligence

  • Getting the TCP Settings and Information about the TCP Port
  • Detecting a Phishing Site Using Netcraft
4

Continuous Monitoring

  • Analyzing Malware
5

Offboarding

  • Supplying Power to a SATA Drive
6

Securing the Cloud

  • Creating an Elastic Load Balancer
  • Working with Amazon S3
7

Software Due Diligence

  • Attacking a Website Using XSS Injection
  • Fuzzing Using OWASP ZAP
  • Setting Up a Basic Web Server
8

Network Due Diligence

  • Studying CVSS Exercises with the CVSS Calculator
  • Setting up a DMZ
  • Enabling the TPM
9

Offshore Third‐Party Cybersecurity Risk

  • Using the Windows Firewall

Any questions?
Check out the FAQs

We’ve compiled a list of FAQs to help you find the answers you need.

Contact Us Now

Risk in cybersecurity refers to the likelihood of a security breach or data loss that will adversely impact an organization’s operations, reputation, or financial stability.

Individuals in various roles can benefit from this course, including: 

  • IT professionals 
  • Security analysts
  • Risk managers
  • Compliance officers 
  • Business leaders

The duration of the third-party risk management training course depends on your prior knowledge and experience. However, you can complete it within 3-6 months.

  • Third-party risk discusses all potential risks associated with external entities, including vendors, suppliers, contractors, and business partners. 
  • Vendor risk management is a specific subset of third-party risk management that focuses on assessing and mitigating risks related to vendors.

 

Organizations of all sizes and industries can benefit from third-party risk management. But it is especially important for: 

  • Large enterprises with complex supply chains 
  • Organizations in highly regulated industries industries 
  • Companies that rely heavily on third-party vendors

Common types of third-party risk include: 

  • Operational risk 
  • Financial risk
  • Reputational risk 
  • Legal risk

Yes, you can pursue third-party risk management certifications such as: 

  • Certified Information Systems Security Professional (CISSP) 
  • Certified Information Security Manager (CISM) 
  • Certified Risk Manager (CRM)

Related Courses

All Course