Duration:
3 days
Audience:
Software developers, IoT manufacturers (product teams, engineering teams, developers), non-security technical subject matter experts

Security by Design

The principle of Security by Design integrates security at the early stages of a project to make it more efficient and effective.

In this 3-day training course, we learn how to embed security into the existing processes at every stage of a solution's lifecycle: from its conception, through its deployment and operation, until its end of life. You will learn to establish a list of requirements at the early stages of a project, know how to secure your supply chain, use security assurance mechanisms throughout the development process and understand how to provide continuous security support after release. For every stage, you will be able to identify roles, responsibilities and accountabilities around security.

This training course is ideal for software developers, IoT manufacturers (product teams, engineering teams, developers), and non-security technical subject matter experts. This training course is also built for security technical experts who want to extend their knowledge or support project and product development.

You will study a real-life example where security by design helped an IoT manufacturer save several millions of pounds while developing an IoT system that integrates third parties with various technologies (devices, mobile apps and Cloud).

Objectives:

  • Understand the issues around the current security status
  • Understand the principles of security by design
  • Understand the benefits of a security by default approach
  • Be able to define security requirements at project start
  • Know how to integrate security into existing processes
  • Understand the importance of coordination and communication around security functions
  • Manage security throughout the lifecycle of a project with awareness, threat intelligence, vulnerability management, risk assessment, security of third parties, disaster recovery, bug bounty, over-the-air update, etc.
  • Understand security assurance mechanisms to validate the implementation of security requirements
  • Develop a continuous improvement process to integrate feedback into existing processes

Programme:

  • Presentation of several high-profile cases of attacks against IoT systems.
  • Explain how the lack of "security by design" led to vulnerabilities affecting a product and the reputation of a company
  • Define Security by Design and Security by Default
  • How security usually integrates into the lifecycle of a project, including supply-chain security
  • How to adapt existing processes to have security “by design”
  • Discussion of potential traps
  • How to design a security by design framework and define security requirements, responsibilities and accountabilities around security.
  • How security by design integrates into existing processes: the importance of coordination and communication
  • Managing security throughout the lifecycle of a project
  • Validation through security assurance
  • Developing a continuous improvement process (for example, reintegrating penetration tests into the development process)

 

To receive a quote or to register, please contact us.