This course will focus on the fundamentals of how to set up a functioning IoT product security program from the perspective of a company that designs, manufactures, and sells IoT and IIoT devices for consumer or industrial use.
Learning Objectives
By the end of this course, students should be able to:
- Design and build a risk-based IoT product security program to securely develop, manufacture, deliver, and support IoT and Industrial IoT (IIoT) devices throughout their product lifecycle
- Understand what existing security program elements CISOs can leverage to implement an IoT product security program and identify the new elements that need to be added
- Identify principles of hardware roots of trust and develop an understanding of how to help guide product engineers to securely design IoT products
- Understand how to design secure elements and hardware roots of trust, including TEE, TPM, HSM, and DICE
- Understand how CISOs should manage risk associated with existing IoT, IIoT, Industrial Control Systems (ICS), and Operational Technology (OT) systems within the context of their existing security program
- Learn how to create a Vulnerability Disclosure Program using tools such as bug bounties and responsible disclosure
- Understand how to secure IoT device provisioning and manufacturing practices, including a robust examination of security considerations for chip manufacturers, IoT device OEMs, and contract manufacturers
- Learn relevant legal and regulatory changes affecting the global IoT market, and identify steps organizations should consider to meet the changing security and privacy environment
- Apply security knowledge gained by study of CISSP, CISM, CRISC, etc. to the real-world scenarios contained in the course material and discussions