Cybrary

IoT Product Security

via Cybrary

Overview

This course, taught from the perspective of a CISO or a senior director in either a security or engineering organization, will focus on the information required to design and implement an IoT product security program. The topics discussed in this course will apply to any Information Security Program trying to understand how to securely handle IoT, IIoT, ICS, and OT technology within the enterprise. By better understanding the underlying security concerns of designing and manufacturing IoT devices, security practitioners can better understand how to secure these devices within their environments.

The IoT security field is maturing and changing at an incredible rate. At the same time, IoT is expanding into our everyday lives and will have an increasing impact on how we live. Threat actors understand this and see the immature industry as an opportunity to do evil.

This class is designed for senior-level security professionals and assumes the learner has knowledge of advanced security concepts, has experience leading security or engineering organizations, and is comfortable with business risk and governance concepts. The class is organized to help organizations stand up an IoT product security program; however, any learner who wants to understand how to apply cybersecurity principles to IoT security will benefit from the material in this class.

This class takes a deep technical dive into designing and establishing a secure foundation of trust within the IoT device and ecosystem architecture. It covers roots of trust, anchors of trust, secure boot, and managed boot, with an in-depth discussion of secure elements and hardware roots of trust, including TEE, TPM, HSM, and DICE. It discusses the steps an organization can take to develop a product security program to address IoT security, including factors of success, reporting structures, and which elements of the existing information security program can be incorporated and enhanced for product security. This class discusses how an organization can proactively develop tools to address IoT vulnerabilities, such as an enterprise vulnerability disclosure program built on bug bounties and responsible disclosure. It discusses hot topics such as third-party risk, IoT physical and logical security, OTA patching, architecture frameworks, and IoT manufacturing considerations in foreign markets. The class will identify secure IoT device provisioning and manufacturing practices, including a robust examination of security considerations for chip manufacturers, IoT device OEMs, and contract manufacturers. This class also discusses relevant legal and regulatory changes affecting the global IoT market and steps organizations should consider to meet the changing security and privacy environment. Lastly, this class uses real-world case studies and goes behind the news headlines to discuss how organizations can take steps today to prevent becoming tomorrow's next Internet meme.

Prerequisites

This course assumes the learner has a strong foundation of security engineering concepts, security management practices, and business leadership principles and can apply these concepts in a leadership capacity.

Course Goals

By the end of this course, students should be able to:

  • Design and build a risk-based IoT product security program to securely develop, manufacture, deliver, and support IoT and Industrial IoT (IIoT) devices throughout their product lifecycle
  • Understand what existing security program elements CISOs can leverage to implement an IoT product security program and identify the new elements that need to be added
  • Identify principles of hardware roots of trust and develop an understanding of how to help guide product engineers to securely design IoT products
  • Understand how to design secure elements and hardware roots of trust, including TEE, TPM, HSM, and DICE
  • Understand how CISOs should manage risk associated with existing IoT, IIoT, Industrial Control Systems (ICS), and Operational Technology (OT) systems within the context of their existing security program
  • Learn how to create a Vulnerability Disclosure Program using tools such as bug bounties and responsible disclosure
  • Understand how to secure IoT device provisioning and manufacturing practices, including a robust examination of security considerations for chip manufacturers, IoT device OEMs, and contract manufacturers
  • Learn relevant legal and regulatory changes affecting the global IoT market, and identify steps organizations should consider to meet the changing security and privacy environment
  • Apply security knowledge gained through study for the CISSP, CISM, CRISC, etc. to the real-world scenarios contained in the course material and discussions

Syllabus

  • Course Introduction
    • Course and Instructor Introduction
    • IoT Then and Now
    • IoT Product Lifecycle Part 1
    • IoT Product Lifecycle Part 2
    • OWASP Top 10 Part 1
    • OWASP Top 10 Part 2
  • Product Security Programs
    • Foundations for Success
    • IoT Product Security Program Part 1
    • IoT Product Security Program Part 2
    • CPSO Reporting Structure Part 1
    • CPSO Reporting Structure Part 2
    • CPSO Reporting Structure Part 3
    • Supplier Risk
    • Contracts
    • Case Study: CCleaner
  • Security by Design
    • First Steps: Framework
    • Architecture Stages Part 1
    • IoT Architecture Stages Part 2
    • IoT Ecosystems
    • IoT Communications Part 1
    • IoT Communications Part 2
  • Hardware Root of Trust
    • Foundations of Trust Part 1
    • Foundations of Trust Part 2
    • Foundations of Trust Part 3
    • Foundations of Trust Part 4
    • Encryption
    • Trusted Execution Environment
    • Trusted Platform Module Part 1
    • Trusted Platform Module Part 2
    • Trusted Platform Module Part 3
    • Trusted Platform Module Part 4
    • Hardware Security
    • DICE Part 1
    • DICE Part 2
    • Module 14 Review
  • Secure Development
    • Product Design (Hardware) Part 1
    • Product Design (Hardware) Part 2
    • Product Design (Hardware) Part 3
    • Product Design (Software)
    • IoT Operating Systems
    • IoT Bill of Materials Part 1
    • IoT Bill of Materials Part 2
  • Build, Ship, Operate
    • Manufacturing and Provisioning
    • Vulnerability Management and Patching Part 1
    • Vulnerability Management and Patching Part 2
    • Vulnerability Disclosure Program Part 1
    • Vulnerability Disclosure Program Part 2
    • Vulnerability Disclosure Program Part 3
    • Device Ownership
    • IOTSF Secure Design Best Practice Guides
  • Privacy
    • Data Privacy Part 1
    • Data Privacy Part 2
    • Reasonable Security: A Review of US Law Affecting IoT
    • Global IoT Laws: A Review of International Law Affecting IoT

Taught by

Matthew Clark
