This course is intended for managers of organisations and businesses of any description and size. It is an overview of the risks that can potentially arise from a business's Supply Chain connections. This course looks at the cyber risk in the supply chain and describes what it is, the terminology around it, how it occurs, the way that it can affect all businesses and why managers need to understand more about it so that they can manage it more effectively.
Many businesses identify, manage and track risks to their physical supply chain but don't always pay the same attention to cyber risks in the same way. The cyber aspect of supply chain security has come into sharper focus over the past few years as outsourcing of IT core functions and the use of Cloud services becomes more common. The UK Government in particular is looking at this topic with renewed vigour.
The course is split into 3 modules with each examining a different facet of the supply chain threat and its relevance to modern businesses:
Module 1: What are the cyber risks from the Supply Chain?
This section begins by considering; what is the supply chain? Since every organisation and business is different it makes sense that the risks they face are different, however common themes will include:
Module 2: What are the impacts of Supply Chain risks on the business?
This module considers if the risks from supply chain partners is real or not, what the nature of those risks are, and how could they affect organisations and businesses.
The course examines the nature of the risks that the supply chain represents. It is not just about protecting information from unauthorised access but also because supply chain attacks can disrupt and disable critical business service delivery functions and can definitely have an impact on an organisation's valuable assets such as its reputation and share price.
Not all aspects of the threat are malicious, in many cases a supply chain company insider will accidentally do something to impact the organization, however people are almost always involved in some way in the other types of threat than can affect a business. This part of the course will look at:
Module 3: What can be done to manage Cyber Risk in the Supply Chain?
Every organisation is different so its degree of exposure to cyber risk in the supply chain will vary enormously. As outlined in the other modules there are some common features and a common approach that can be taken to identify the risks and similarly there are some common approaches that can be taken to manage them. This module will look at some of the ways of countering supply chain cyber risks to include:
The development of a tailored strategy for the organization with a focus of understanding the organisation's exposure to supply chin risks and identifying where risks are at their greatest so that resources can be focused.
Understanding how the holistic application of relevant physical, procedural, personnel and technical security controls within the organization can be part of risk management.
This part of the course will also look at the supply chain assurance schemes such as the Supplier Information Assurance Tool and HADRIAN and others that have come into prominence over the past couple of years such as the Cyber Essentials scheme and the Cyber Security Model.
There are no specific prerequisites for this course.
It is suitable for all levels of management, IT, procurement, legal, finance, auditors, risk managers and anyone in an organisation responsible for internal and external supply chains. It is a good introductory course for those from a non-IT background who need to understand more about supply chain cyber risks to the business.