Duration:
3 days
Audience:
Software developers, IoT manufacturers (product teams, engineering teams, developers), non-security technical subject matter experts

Security is always more efficient when defined at the early stages of a project. This is the principle of security by design. A good security by design integrates multiple aspects that go beyond technical.

In this training, we will explain how to embedded security into processes at every stage of a solution's lifecycle: from its conception, its deployment and operation, and until its end of life.

In this 3 days training course, participants will learn how to define security requirements at the early stages of a project, how to valide them during the development process and how to provide continuous security support after release. We will learn to define security objectives, define roles, responsibilities and accountabilities around security. We will explain how security by design can prevent a security event to happen, or remediate it.

This training course is ideal for software developers, IoT manufacturers (product teams, engineering teams, developers), and non-security technical subject matter experts.

This training course is also built for security technical experts who want to extend their knowledge or support project and product development.

The objective of this training is to raise awareness around security by design and explain how to do it right. We will present a real-life case study where security by design helped an IoT manufacturer save several millions of pounds while developing an IoT system that integrates third-parties with various technologies (devices, mobile apps and Cloud).

Objectives:

  • Understand the issues around the current security status
  • Understand the principles of security by design
  • Understand the benefits of a security by default approach
  • Be able to define security requirements at project start
  • Know how to integrate security into existing processes
  • Understand the importance of coordination and communication around security functions
  • Manage security throughout the lifecycle of a project with awareness, threat intelligence, vulnerability management, risk assessment, security of third-parties, disaster recovery, bug bounty, over-the-air update, etc
  • Develop a continuous improvement process to integrate feedbacks into existing processes

Programme:

  • Presentation of several high-profile cases of attacks against IoT systems.
  • Explain how the lack of "security by design" led to vulnerabilities affecting a product and the reputation of a company
  • Define Security by Design and Security by Default
  • How security usually integrates into the lifecycle of a project
  • How to adapt existing processes to have it “by design”
  • Discuss on potential traps
  • How to design a security by design framework and define security requirements, responsibilities and accountabilities around security.
  • How security by design integrates into existing processes: the importance of coordination and communication
  • Managing security throughout the lifecycle of a project
  • Developing a continuous improvement process (for example, reintegrating penetration tests into the development process

 

To receive a quote or to register, please contact us.