Personnel & Third-Party Security

In this course, you will learn all about the process of implementing effective education, training, and awareness programs. You will also study the role personnel security plays in protecting an organization’s assets, intellectual property, and physical assets. You will also be introduced to the steps required for effective Vendor Risk Management (VRM), including: due diligence, contracting, monitoring & accessing, and termination. Throughout the course, you will engage with current case studies that illustrate the key concepts in your lessons. You will also have the chance to submit assignments in which you will apply the material in a practical application.

• Education, Training, & Awareness
• Welcome to the first module of Personnel & Third Party Security! Education, training, and awareness of security threats are important for many actors within an organization. It’s not only your users who make bad decisions, it’s also administrators, IT staff, security staff, and risk assessors. In this module we will dive into the process of implementing effective education, training, and awareness programs.
• Personnel Security
• Welcome to Module 2! Personnel security plays a critical role in protecting an organization’s assets, for example intellectual property, such as customer data or physical assets. Organizations define their security requirements around personnel’s use of organizational assets and then use technical and physical controls to implement them. Through personnel security controls, we work towards a reduction in the misuse, theft, or fraud related to our assets.
• Vendor Risk Management
• Welcome to Module 3! In this module we will introduce the steps required for effective Vendor Risk Management (VRM), including: due diligence, contracting, monitoring and accessing, as well as termination. When it comes to VRM, we cannot completely eliminate all risk, however, we may be able to reduce risk. The key is to ensure there is no "unacceptable" risk.
• Acquisition Strategy
• Welcome to the fourth and final module of Personnel & Third-Party Security! Imagine you just bought new hardware, software, or merged with another company. How do you ensure that these actions do not reduce your cyber security posture and increase your risk to external and internal threats? Introducing cyber security risk considerations into acquisition strategy can help deal with these concerns.