Lesson 3G – Supply Chain Disruption

This lesson explains the concept of supply chain risk management, which is used to increase resilience to supply chain disruption, and introduces an assessment tool for diagnosing supply chain vulnerabilities and capabilities.

Learning Objectives
  • Define “supply chain”
  • Describe supply chain risk management
  • Explain how information flows within production systems and between supply chain partners
  • Explain what is meant by “supply chain disruption” and “black swan” and provide examples of each
  • Describe the purpose of the SCRAM assessment tool, and how it is used

Files
Lesson 3G – Supply Chain Disruption Lesson Plan
CPI_Module3_Lesson3G_Presentation.pptx

* NICE Cybersecurity Workforce Framework KSAs Addressed
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0008: Knowledge of applicable business processes and operations of customer organizations.
  • K0027: Knowledge of organization's enterprise information security architecture system.
  • K0048: Knowledge of Risk Management Framework (RMF) requirements.
  • K0053: Knowledge of measures or indicators of system performance and availability.
  • K0054: Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0084: Knowledge of structured analysis principles and methods.
  • K0101: Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  • K0146: Knowledge of the organization's core business/mission processes.
  • K0149: Knowledge of organization's risk tolerance and/or risk management approach.
  • K0150: Knowledge of enterprise incident response program, roles, and responsibilities.
  • K0169: Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
  • K0437: Knowledge of general SCADA system components.
  • K0612: Knowledge of what constitutes a “threat” to a network.
  • S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0034: Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
  • S0038: Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  • S0085: Skill in conducting audits or reviews of technical systems.
  • S0359: Skill to use critical thinking to analyze organizational patterns and relationships.
  • A0106: Ability to think critically.
  • A0117: Ability to relate strategy, business, and technology in the context of organizational dynamics.
  • A0118: Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
  • A0119: Ability to understand the basic concepts and issues related to cyber and its organizational impact.

* Most courseware content maps to NIST NICE Cybersecurity Workforce Framework (NCWF) Knowledge, Skills, and Abilities (KSAs) and/or NSA/DHS CAE Knowledge Units (KUs). For more information on KSAs and KUs, please visit:

KSAs: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf

KUs: https://www.iad.gov/NIETP/documents/Requirements/CAE-CD_2019_Knowledge_Units.pdf