Cybersecurity and Third-Party Risk

This Course Includes:

Get hands-on experience in cybersecurity with the Cybersecurity and Third-Party Risk course and lab. The course provides a detailed look into the problems and risks, then gives specific examples of how to create a robust and active Cybersecurity Third‐Party Risk Management program. The course has well descriptive interactive lessons containing pre and post-assessment questions, knowledge checks, quizzes, live labs, flashcards and glossary terms to get a detailed understanding of cybersecurity and Third‐Party Risk Management (TPRM).

Lessons 1: Introduction

Lessons 2: What Is the Risk?

  • The SolarWinds Supply‐Chain Attack
  • The VGCA Supply‐Chain Attack
  • The Zyxel Backdoor Attack
  • Other Supply‐Chain Attacks
  • Problem Scope
  • Compliance Does Not Equal Security

Lessons 3: Cybersecurity Basics

  • Cybersecurity Basics for Third-Party Risk
  • Cybersecurity Frameworks
  • Due Care and Due Diligence
  • Cybercrime and Cybersecurity

Lessons 4: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk

  • The Pandemic Shutdown
  • SolarWinds Attack Update

Lessons 5: Third‐Party Risk Management

  • Third‐Party Risk Management Frameworks
  • The Cybersecurity and Third‐Party Risk Program Management
  • The Kristina Conglomerate (KC) Enterprises

Lessons 6: Onboarding Due Diligence

  • Intake
  • Cybersecurity Third‐Party Intake

Lessons 7: Ongoing Due Diligence

  • Low‐Risk Vendor Ongoing Due Diligence
  • Moderate‐Risk Vendor Ongoing Due Diligence
  • High‐Risk Vendor Ongoing Due Diligence
  • “Too Big to Care”
  • A Note on Phishing
  • Intake and Ongoing Cybersecurity Personnel
  • Ransomware: A History and Future

Lessons 8: On‐site Due Diligence

  • On‐site Security Assessment
  • On‐site Due Diligence and the Intake Process

Lessons 9: Continuous Monitoring

  • What Is Continuous Monitoring?
  • Enhanced Continuous Monitoring
  • Third‐Party Breaches and the Incident Process

Lessons 10: Offboarding

  • Access to Systems, Data, and Facilities

Lessons 11: Securing the Cloud

  • Why Is the Cloud So Risky?

Lessons 12: Cybersecurity and Legal Protections

  • Legal Terms and Protections
  • Cybersecurity Terms and Conditions

Lessons 13: Software Due Diligence

  • The Secure Software Development Lifecycle
  • On‐Premises Software
  • Cloud Software
  • Open Web Application Security Project Explained
  • Open Source Software
  • Mobile Software

Lessons 14: Network Due Diligence

  • Third‐Party Connections
  • Zero Trust for Third Parties

Lessons 15: Offshore Third‐Party Cybersecurity Risk

  • Onboarding Offshore Vendors
  • Country Risk
  • KC's Country Risk

Lessons 16: Transform to Predictive

  • The Data
  • Level Set
  • A Mature to Predictive Approach
  • The Predictive Approach at KC Enterprises

Lessons 17: Conclusion

Hands-on LAB Activities

Cybersecurity Basics

  • Simulating the DoS Attack
  • Performing a Phishing Attack
  • Performing Local Privilege Escalation

What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk

  • Establishing a VPN Connection

Ongoing Due Diligence

  • Getting the TCP Settings and Information about the TCP Port
  • Detecting a Phishing Site Using Netcraft

Continuous Monitoring

  • Analysing Malware


  • Supplying Power to a SATA Drive

Securing the Cloud

  • Creating an Elastic Load Balancer
  • Working with Amazon S3

Software Due Diligence

  • Attacking a Website Using XSS Injection
  • Fuzzing Using OWASP ZAP
  • Setting Up a Basic Web Server

Network Due Diligence

  • Studying CVSS Exercises with the CVSS Calculator
  • Setting up a DMZ
  • Enabling the TPM

Offshore Third‐Party Cybersecurity Risk

  • Using the Windows Firewall

Exam FAQs

FAQ's are not Available for this course.



Cybersecurity and Third-Party Risk


17+ Lessons

Delivery Method:




Scroll to Top