Get hands-on experience in cybersecurity with the Cybersecurity and Third-Party Risk course and lab. The course provides a detailed look into the problems and risks, then gives specific examples of how to create a robust and active Cybersecurity Third‐Party Risk Management program. The course has descriptive, interactive lessons containing pre- and post-assessment questions, knowledge checks, quizzes, live labs, flashcards, and glossary terms to give a detailed understanding of cybersecurity and Third‐Party Risk Management (TPRM).
Lesson 1: Introduction
Lesson 2: What Is the Risk?
- The SolarWinds Supply‐Chain Attack
- The VGCA Supply‐Chain Attack
- The Zyxel Backdoor Attack
- Other Supply‐Chain Attacks
- Problem Scope
- Compliance Does Not Equal Security
Lesson 3: Cybersecurity Basics
- Cybersecurity Basics for Third-Party Risk
- Cybersecurity Frameworks
- Due Care and Due Diligence
- Cybercrime and Cybersecurity
Lesson 4: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk
- The Pandemic Shutdown
- SolarWinds Attack Update
Lesson 5: Third‐Party Risk Management
- Third‐Party Risk Management Frameworks
- The Cybersecurity and Third‐Party Risk Program Management
- The Kristina Conglomerate (KC) Enterprises
Lesson 6: Onboarding Due Diligence
- Intake
- Cybersecurity Third‐Party Intake
Lesson 7: Ongoing Due Diligence
- Low‐Risk Vendor Ongoing Due Diligence
- Moderate‐Risk Vendor Ongoing Due Diligence
- High‐Risk Vendor Ongoing Due Diligence
- “Too Big to Care”
- A Note on Phishing
- Intake and Ongoing Cybersecurity Personnel
- Ransomware: A History and Future
Lesson 8: On‐site Due Diligence
- On‐site Security Assessment
- On‐site Due Diligence and the Intake Process
Lesson 9: Continuous Monitoring
- What Is Continuous Monitoring?
- Enhanced Continuous Monitoring
- Third‐Party Breaches and the Incident Process
Lesson 10: Offboarding
- Access to Systems, Data, and Facilities
Lesson 11: Securing the Cloud
- Why Is the Cloud So Risky?
Lesson 12: Cybersecurity and Legal Protections
- Legal Terms and Protections
- Cybersecurity Terms and Conditions
Lesson 13: Software Due Diligence
- The Secure Software Development Lifecycle
- On‐Premises Software
- Cloud Software
- Open Web Application Security Project Explained
- Open Source Software
- Mobile Software
Lesson 14: Network Due Diligence
- Third‐Party Connections
- Zero Trust for Third Parties
Lesson 15: Offshore Third‐Party Cybersecurity Risk
- Onboarding Offshore Vendors
- Country Risk
- KC's Country Risk
Lesson 16: Transform to Predictive
- The Data
- Level Set
- A Mature to Predictive Approach
- The Predictive Approach at KC Enterprises
Lesson 17: Conclusion
Hands-on LAB Activities
Cybersecurity Basics
- Simulating the DoS Attack
- Performing a Phishing Attack
- Performing Local Privilege Escalation
What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk
- Establishing a VPN Connection
Ongoing Due Diligence
- Getting the TCP Settings and Information about the TCP Port
- Detecting a Phishing Site Using Netcraft
Continuous Monitoring
- Analysing Malware
Offboarding
- Supplying Power to a SATA Drive
Securing the Cloud
- Creating an Elastic Load Balancer
- Working with Amazon S3
Software Due Diligence
- Attacking a Website Using XSS Injection
- Fuzzing Using OWASP ZAP
- Setting Up a Basic Web Server
Network Due Diligence
- Studying CVSS Exercises with the CVSS Calculator
- Setting up a DMZ
- Enabling the TPM
Offshore Third‐Party Cybersecurity Risk
- Using the Windows Firewall
Exam FAQs
FAQs are not available for this course.
Summary
Standard: Cybersecurity and Third-Party Risk
Lessons: 17+ Lessons
Delivery Method: Online
Language: English