Cybersecurity and Third-Party Risk

(CYBERSEC-TP-RISK.AE1)/ISBN:978-1-64459-367-7

This course includes
Lessons
TestPrep
Hand-on Lab
AI Tutor (Add-on)

Get hands-on experience in cybersecurity with the Cybersecurity and Third-Party Risk course and lab. The course provides a detailed look into the problems and risks, then gives specific examples of how to create a robust and active Cybersecurity Third‐Party Risk Management program. The course has well descriptive interactive lessons containing pre and post-assessment questions, knowledge checks, quizzes, live labs, flashcards, and glossary terms to get a detailed understanding of cybersecurity and Third‐Party Risk Management (TPRM).

Lessons

17+ Lessons | 184+ Exercises | 131+ Quizzes | 136+ Flashcards | 136+ Glossary of terms

TestPrep

60+ Pre Assessment Questions | 60+ Post Assessment Questions |

Hand on lab

17+ LiveLab | 17+ Video tutorials | 48+ Minutes

Here's what you will learn

Download Course Outline

Lessons 1: Introduction

  • Who Will Benefit Most from This Course?

Lessons 2: What Is the Risk?

  • The SolarWinds Supply‐Chain Attack
  • The VGCA Supply‐Chain Attack
  • The Zyxel Backdoor Attack
  • Other Supply‐Chain Attacks
  • Problem Scope
  • Compliance Does Not Equal Security
  • Third‐Party Breach Examples
  • Conclusion

Lessons 3: Cybersecurity Basics

  • Cybersecurity Basics for Third-Party Risk
  • Cybersecurity Frameworks
  • Due Care and Due Diligence
  • Cybercrime and Cybersecurity
  • Conclusion

Lessons 4: What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk

  • The Pandemic Shutdown
  • SolarWinds Attack Update
  • Conclusion

Lessons 5: Third‐Party Risk Management

  • Third‐Party Risk Management Frameworks
  • The Cybersecurity and Third‐Party Risk Program Management
  • The Kristina Conglomerate (KC) Enterprises
  • Conclusion

Lessons 6: Onboarding Due Diligence

  • Intake
  • Cybersecurity Third‐Party Intake
  • Conclusion

Lessons 7: Ongoing Due Diligence

  • Low‐Risk Vendor Ongoing Due Diligence
  • Moderate‐Risk Vendor Ongoing Due Diligence
  • High‐Risk Vendor Ongoing Due Diligence
  • “Too Big to Care”
  • A Note on Phishing
  • Intake and Ongoing Cybersecurity Personnel
  • Ransomware: A History and Future
  • Conclusion

Lessons 8: On‐site Due Diligence

  • On‐site Security Assessment
  • On‐site Due Diligence and the Intake Process
  • Conclusion

Lessons 9: Continuous Monitoring

  • What Is Continuous Monitoring?
  • Enhanced Continuous Monitoring
  • Third‐Party Breaches and the Incident Process
  • Conclusion

Lessons 10: Offboarding

  • Access to Systems, Data, and Facilities
  • Conclusion

Lessons 11: Securing the Cloud

  • Why Is the Cloud So Risky?
  • Conclusion

Lessons 12: Cybersecurity and Legal Protections

  • Legal Terms and Protections
  • Cybersecurity Terms and Conditions
  • Conclusion

Lessons 13: Software Due Diligence

  • The Secure Software Development Lifecycle
  • On‐Premises Software
  • Cloud Software
  • Open Web Application Security Project Explained
  • Open Source Software
  • Mobile Software
  • Conclusion

Lessons 14: Network Due Diligence

  • Third‐Party Connections
  • Zero Trust for Third Parties
  • Conclusion

Lessons 15: Offshore Third‐Party Cybersecurity Risk

  • Onboarding Offshore Vendors
  • Country Risk
  • KC's Country Risk
  • Conclusion

Lessons 16: Transform to Predictive

  • The Data
  • Level Set
  • A Mature to Predictive Approach
  • The Predictive Approach at KC Enterprises
  • Conclusion

Lessons 17: Conclusion

Hands-on LAB Activities

Cybersecurity Basics

  • Simulating the DoS Attack
  • Performing a Phishing Attack
  • Performing Local Privilege Escalation

What the COVID‐19 Pandemic Did to Cybersecurity and Third‐Party Risk

  • Establishing a VPN Connection

Ongoing Due Diligence

  • Getting the TCP Settings and Information about the TCP Port
  • Detecting a Phishing Site Using Netcraft

Continuous Monitoring

  • Analyzing Malware

Offboarding

  • Supplying Power to a SATA Drive

Securing the Cloud

  • Creating an Elastic Load Balancer
  • Working with Amazon S3

Software Due Diligence

  • Attacking a Website Using XSS Injection
  • Fuzzing Using OWASP ZAP
  • Setting Up a Basic Web Server

Network Due Diligence

  • Studying CVSS Exercises with the CVSS Calculator
  • Setting up a DMZ
  • Enabling the TPM

Offshore Third‐Party Cybersecurity Risk

  • Using the Windows Firewall