Secure Health Software Development Through IEC 81001-5-1 Compliance

Build secure health software that meets EU and FDA expectations. This course shows you how to apply IEC 81001-5-1 in practice, strengthen your threat modeling and risk management, and create a cybersecurity framework that scales across your organisation.

Purpose and Outcome

Security is playing an increasingly important role in the regulatory landscape and the healthcare sector. This course helps you achieve compliance with the IEC 81001-5-1 framework and additionally focuses on the requirements set by both the EU and the FDA (USA).

The framework is designed to document how security by design is applied end-to-end, from organizational awareness to a common thread throughout documentation (activity roadmaps and security development), showing how threat modelling, risk management, post-market vigilance, and security architecture are carried out.

In this course, you will learn how to build a framework that covers:

  • Risk management planning and report management
    • Focus on AAMI/ANSI SW96, TIR 57, TIR 97 for security and interplay with ISO 14971 for safety
  • Principles of threat modelling and secure design
  • Post-market activities to maintain the applied security level long-term

The course focuses on the FDA, the EU including MDCG, and the ISO/IEC 81001-5-1 series as examples of frameworks. The course aims to provide a plan for how to build a cybersecurity framework holistically, with the objective of demonstrating that many requirements are based on a shared concept of common security best practice, which means that a strong framework allows a one-to-many adaptation of cybersecurity requirements.

Upon completion of the course, you will be able to:

  1. Understand the key concepts behind using a centralized framework to provide one-to-many requirements coverage
  2. Become familiar with some of the official standards and requirements for cybersecurity frameworks
  3. Have a plan for how to implement such a framework in your organization

Content

The course covers the following key topics:

  • Introducing cybersecurity frameworks and planning activities
  • Introducing key activities such as data-flow analysis and threat modelling
  • Introducing risk management for cybersecurity and utilization of threat analysis
  • Overview of regulatory and cybersecurity standards
  • Documenting a cybersecurity framework for:
    • Internal analysis and structured security review
    • Presenting the body of work to an external reviewer/auditor/organization

The course comprises classroom presentation and work exercises on a fictional use case study.

Participants are encouraged to bring forward any concrete examples or use cases they may have.
 

Who should attend

The course is designed for organizations starting up a cybersecurity framework process, or for organizations that are already in the early stages of managing cybersecurity but are looking for new inspiration. The course is suitable for participants with beginner to intermediate knowledge of cybersecurity. It primarily focuses on cybersecurity process and less on technical cybersecurity.

The course is relevant for:

  • Cybersecurity Quality Assurance / Quality Assurance Engineering
  • Cybersecurity Regulatory Affairs
  • Cybersecurity Product Responsible
  • Cybersecurity System Engineer
  • Cybersecurity Product Owner
  • Cybersecurity Program Manager
  • Security Champions in Development Department
  • Cybersecurity Software Engineers
  • Cybersecurity Test and Verification

Trainer

Jens Schønberg, CEO
Founder and Principal Cybersecurity Specialist, JBS Consultancy

The trainer is the co-lead on the IEC 81001-5-1 revision currently being developed.

 

Enter a "Purchase order number" if your company requires it on the invoice.

Contact

Morten Petersen
Education Consultant
mp@medicoindustrien.dk
49184703