Cybersecurity Simulation
“Hello, I’m Sam and I work in the Procurement department. We’ve been reviewing some new suppliers, and I need help assessing their cybersecurity risk.”
“I’m your Supply Chain Cyber Security bot. I’ll help you evaluate the risks and make informed decisions.”
start
* EDIT OR DELETE THIS LOCUTION
What will we learn?
In this session, you will learn how to identify, assess, and respond to cybersecurity risks in the supply chain. These key practices will help reduce vulnerabilities from third-party suppliers and improve overall resilience.
Keys
Understand and apply the ROSE taxonomy
Identify critical suppliers and assess their cyber risk profile
Define minimum security requirements in contracts
Evaluate supplier incident response and continuity plans
Encourage collaboration through information sharing
continue
Context
You’re in the middle of preparing a new supplier onboarding report when you receive an email from SecureSignal Ltd advising that they have suffered a cyber security attack. They provide telemetry analytics used in your mobile app infrastructure. As the decision-maker, what should you do first? You decide to consult the SCRM Bot to help you evaluate the situation, assess supplier risk, and decide the next step.
continue
“Bot, we just received a notification that one of our suppliers may have experienced a cyber incident. They emailed us directly, but I’m not sure if it’s genuine or how serious it is. Could this affect our systems?”
“Let’s take a closer look. Can you forward the email you received? I’ll check if this supplier is high-risk and help you decide whether escalation is needed.”
Email Click here
📧
continue
What conclusions can we draw from this supplier email?
After carefully reviewing the message, what is the most appropriate assessment based on supply chain incident response best practices?
The email seems trustworthy because it includes a formal tone and follow-up instructions, which suggests standard supplier protocol. There’s no immediate reason to question its authenticity.
The message appears legitimate because it is reporting a cyber compromise and contains no obvious grammar mistakes. it is positive to see threat intelligence being shared with clients, especially when they can protect them from compromise .
The email appears to come from a legitimate email domain. You’re unsure whether their cyber response team would use the support username and your department wouldn’t be the one to action the advice in the attachment. You decide to pass it to your cyber security team for them to assess and action.
continue
Congratulations!
You just learned something new about Supply Chain Cyber Security!
Incorrect
This is really important and could form part of a targeted cyber-attack against the business. Forward the email to the CISO as this is the person who heads up the cyber security team and she will know what to do.
Incorrect
1- Follow standard incident reporting procedures.- Notify the appropriate internal team to:
- Investigate whether other staff received the same email.
- Determine if any staff engaged with the phishing email and potentially compromised the business.
2- Check the supplier database to:- Assess the risk profile of the supplier.
- Understand the potential impact of the supplier being compromised.
3- Block the domain securesignal.com.4- Inform the company (securesignal.com) that they may have suffered a security compromise.
Correct!
Delete it and ensure that it is also removed from the bin so that it can't be opened by accident.
From: support@securesignal.com To: sam@mycompany.com Subject: 🔐 URGENT: Potential Compromise Impacting mycompany.com Dear mycompany Procurement Team, We have identified an active breach involving our telemetry platform which may impact your systems via our SDK. APT actors have been confirmed in our environment. Please see the attached ZIP archive containing:
- Indicators of Compromise (IOCs)
- A tool for scanning your environment for signs of intrusion
- Threat intelligence on the attacker’s methods
Attachment: URGENT-Threat-Intel.zip Given the urgency, we recommend executing the diagnostic tools within 4 hours. Regards, SecureSignal Ltd Cyber Response Team
Cybersecurity Shortened
Dr. May Baldwin
Created on June 12, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Simulation: How to Act Against Bullying
View
Mobile Use Simulation
View
Marketing Strategy Test
View
College Survival Test
View
Learning Style Test
View
Discover Your Professional Path
View
Cybersecurity Simulation
Explore all templates
Transcript
Cybersecurity Simulation
“Hello, I’m Sam and I work in the Procurement department. We’ve been reviewing some new suppliers, and I need help assessing their cybersecurity risk.”
“I’m your Supply Chain Cyber Security bot. I’ll help you evaluate the risks and make informed decisions.”
start
* EDIT OR DELETE THIS LOCUTION
What will we learn?
In this session, you will learn how to identify, assess, and respond to cybersecurity risks in the supply chain. These key practices will help reduce vulnerabilities from third-party suppliers and improve overall resilience.
Keys
Understand and apply the ROSE taxonomy
Identify critical suppliers and assess their cyber risk profile
Define minimum security requirements in contracts
Evaluate supplier incident response and continuity plans
Encourage collaboration through information sharing
continue
Context
You’re in the middle of preparing a new supplier onboarding report when you receive an email from SecureSignal Ltd advising that they have suffered a cyber security attack. They provide telemetry analytics used in your mobile app infrastructure. As the decision-maker, what should you do first? You decide to consult the SCRM Bot to help you evaluate the situation, assess supplier risk, and decide the next step.
continue
“Bot, we just received a notification that one of our suppliers may have experienced a cyber incident. They emailed us directly, but I’m not sure if it’s genuine or how serious it is. Could this affect our systems?”
“Let’s take a closer look. Can you forward the email you received? I’ll check if this supplier is high-risk and help you decide whether escalation is needed.”
Email Click here
📧
continue
What conclusions can we draw from this supplier email?
After carefully reviewing the message, what is the most appropriate assessment based on supply chain incident response best practices?
The email seems trustworthy because it includes a formal tone and follow-up instructions, which suggests standard supplier protocol. There’s no immediate reason to question its authenticity.
The message appears legitimate because it is reporting a cyber compromise and contains no obvious grammar mistakes. it is positive to see threat intelligence being shared with clients, especially when they can protect them from compromise .
The email appears to come from a legitimate email domain. You’re unsure whether their cyber response team would use the support username and your department wouldn’t be the one to action the advice in the attachment. You decide to pass it to your cyber security team for them to assess and action.
continue
Congratulations!
You just learned something new about Supply Chain Cyber Security!
Incorrect
This is really important and could form part of a targeted cyber-attack against the business. Forward the email to the CISO as this is the person who heads up the cyber security team and she will know what to do.
Incorrect
1- Follow standard incident reporting procedures.- Assess the risk profile of the supplier.
- Notify the appropriate internal team to:
- Investigate whether other staff received the same email.
- Determine if any staff engaged with the phishing email and potentially compromised the business.
2- Check the supplier database to:- Understand the potential impact of the supplier being compromised.
3- Block the domain securesignal.com.4- Inform the company (securesignal.com) that they may have suffered a security compromise.Correct!
Delete it and ensure that it is also removed from the bin so that it can't be opened by accident.
From: support@securesignal.com To: sam@mycompany.com Subject: 🔐 URGENT: Potential Compromise Impacting mycompany.com Dear mycompany Procurement Team, We have identified an active breach involving our telemetry platform which may impact your systems via our SDK. APT actors have been confirmed in our environment. Please see the attached ZIP archive containing:
- Indicators of Compromise (IOCs)
- A tool for scanning your environment for signs of intrusion
- Threat intelligence on the attacker’s methods
Attachment: URGENT-Threat-Intel.zip Given the urgency, we recommend executing the diagnostic tools within 4 hours. Regards, SecureSignal Ltd Cyber Response Team