Description
3 days
€ 2025,- plus VAT
8 persons
No prior knowledge required & certificate of completion
What you can expect from
SEC.311 Secure development processes for OT and (I)IoT
Gain an overview of security standards and regulations
- Understand how you as a product developer are affected by the NIS 2 directive.
- Learn about the requirements of the new Machinery Regulation and the Cyber Resilience Act with regard to security in order to obtain CE marking for your product.
- Get to know the relevant norms and standards that can support you.
Creating a framework for secure product development
- Learn what secure product development means and how you can ensure the necessary processes in your company.
- Find out what requirements must be placed on suppliers and how you can ensure the secure handling of third-party components.
- Get to know the roles and responsibilities in connection with security and which teams and contact points are necessary for this.
Integrating security into the product development process
- Understand the connection between safety and security.
- Understand the concept and steps to create a threat model to identify the specific risks to your product and take appropriate action.
- Discover tools for monitoring and improving product security (e.g. security testing, SBOM).
- Get to know methods (e.g. secure coding, secure design) for integrating security into your development process.
What you will learn during this training course
Day 1
Overview of regulations
- Machinery Regulation
- Radio Equipment Directive (RED)
- Cyber Resilience Act (CRA)
Overview of standards
- IEC 62443 General series of standards
- IEC 62443-4-1 Principles and requirements
Security management
- Product classification
- Security Organization
- Security training
- Integrity protection
- Securing the development environment
- Selection of secure components
Day 2
Specification of security requirements
- Product security environment
- Safety & Security
- Threat analysis
Secure design & development
Security verification & validation testing
Day 3
Vulnerability Management
Security Update Management
Security Documentation
After the training, participants will:
- understand the connection between safety and security.
- know and implement regulatory and normative requirements.
- understand what secure product development entails and what is required in the organization.
- understand what a threat model is and what is needed to develop one.
- know suitable methods and appropriate measures for integrating security into the product development process.
- know useful tools for checking and improving product security.
- be able to counter challenges such as dealing with legacy code, updating third-party components or communicating vulnerabilities.
More than just training: your journey to secure product development starts here.
Find out how Limes Security can support you not only with training, but also with customized consulting, workshops and standards-compliant support for the secure development of your products.
What others say
Training highlights of the
SEC.311 Secure development processes for OT and (I)IoT
This training goes beyond theory and includes a series of practical exercises where you can apply your knowledge in real-life scenarios. Active participation helps you to really understand the security principles, reinforces key concepts and prepares you for real security challenges in your work.
Each exercise focuses on security management, secure development and threat analysis so that you can acquire comprehensive know-how. Here is a brief overview of the exercises:
Get to know our
trainers
Peter Panholzer
is veteran of the first hour for industrial security and secure software development. He is a certified ISO 27001 auditor, member of the OVE working group on IEC 62443, hacker and for over ten years trainer for secure coding. He loves to give the participants tricky tasks and to assist them with the right security tips.
Florian Gerstmayer
worked for several years as a project manager and embedded software developer, where he designed and implemented secure products. Thus, he knows from personal experience which topics need to be addressed in the management of systems, as well as implemented as a developer in a holistic concept, and is happy to pass this on to others.
