IoT Product Security
Course Content
This course, taught from the perspective of a CISO or a senior director in either a security or engineering organization, will focus on the information required to design and implement an IoT product security program. The topics discussed in this course will apply to any Information Security Program trying to understand how to securely handle IoT, IIoT, ICS, and OT technology within the enterprise. By better understanding the underlying security concerns of designing and manufacturing IoT devices, security practitioners can better understand how to secure these devices within their environments.
The IoT security field is maturing and changing at an incredible rate. At the same time, IoT is expanding into our everyday lives and will continue to have an increasing impact on how we live. Threat actors understand this and see the immature industry as an opportunity to do evil.
This class is designed for senior-level security professionals and assumes the learner has knowledge of advanced security concepts, has experience leading security or engineering organizations, and is comfortable with business risk and governance concepts. The class is organized to help organizations stand up an IoT product security program; however, any learner with a desire to understand how to apply cyber security principles to IoT security will benefit from the material in this class.
This class takes a deep technical dive into designing and establishing a secure foundation of trust within the IoT device and ecosystem architecture. It examines roots of trust, anchors of trust, secure boot, and managed boot in technical detail, with an in-depth discussion of secure elements and hardware roots of trust, including TEE, TPM, HSM, and DICE. It discusses the steps an organization can take to develop a product security program to address IoT security, including factors of success, reporting structures, and which elements of the existing information security program can be incorporated and enhanced for product security. This class discusses how an organization can proactively develop tools to address IoT vulnerabilities, such as an enterprise vulnerability disclosure program that uses mechanisms such as bug bounties and responsible disclosure. It discusses hot topics, such as third-party risk, IoT physical and logical security, OTA patching, architecture frameworks, and IoT manufacturing considerations in foreign markets. The class will identify secure IoT device provisioning and manufacturing practices, including a robust examination of security considerations for chip manufacturers, IoT device OEMs, and contract manufacturers. This class also discusses relevant legal and regulatory changes affecting the global IoT market and steps organizations should consider to meet the changing security and privacy environment. Lastly, this class uses real-world case studies and goes behind the news headlines to discuss how organizations can take steps today to prevent becoming tomorrow's next Internet meme.