It’s tutorial time again in the “Advanced Cybersecurity and Global Cybersecurity Strategy” course within the Advanced Master in Privacy, Cybersecurity, Data Management and Leadership LLM at the European Centre on Privacy and Cybersecurity (ECPC)!
Following his compelling lecture last week, Daniele Catteddu will oversee today’s tutorial aimed at engaging students in a detailed discussion about different approaches to assess supply chain security assurance (products, services and processes), complete with group presentations.
The tutorial will be structured in three phases:
In phase 1, students will be asked to put themselves in the shoes of an Internal Auditor/CISO/Compliance Officer and define a high-level service evaluation/auditing plan. The plan is not meant to be exhaustive, but should contain the key high-level actions/steps and explain their relevance for assessing assurance.
In phase 2, students will be asked to identify sources of data (e.g., documents, technical and organizational controls) that could then be used to assess a subset of the actions listed in the plan (at least 3-5 actions should be listed).
In phase 3, students will define the acceptable evidence that should be used to support the evaluation. Ideally, the recommended frequency of the evaluation should be specified.
Best of luck with your group presentations!