• Online, Self-Paced
Course Description

This course will focus on the fundamentals of how to set up a functioning IoT product security program from the perspective of a company that designs, manufactures, and sells IoT and IIoT devices for consumer or industrial use.

Learning Objectives

By the end of this course, students should be able to:
- Design and build a risk-based IoT product security program to securely develop, manufacture, deliver, and support IoT and Industrial IoT (IIoT) devices throughout their product lifecycle
- Understand what existing security program elements CISOs can leverage to implement an IoT product security program and identify the new elements that need to be added
- Identify principles of hardware roots of trust and develop an understanding of how to help guide product engineers to securely design IoT products
- Understand how to design secure elements and hardware roots of trust including TEE, TPM, HSM, and DICE
- Understand how CISOs should manage risk associated with existing IoT, IIoT, Industrial Control Systems (ICS), and Operational Technology (OT) systems within the context of their existing security program
- Learn how to create a Vulnerability Disclosure Program using tools such as bug bounties and responsible disclosure
- Understand how to secure the IoT device provisioning and manufacturing practices including a robust examination of security considerations for chip manufacturers, IoT device OEMs, and contract manufacturers
- Learn relevant legal and regulatory changes affecting the global IoT market, and identify steps organizations should consider to meet the changing security and privacy environment
- Apply security knowledge gained by study of CISSP, CISM, CRISC, etc. to the real world scenarios contained in the course material and discussions

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.