Cybersecurity Risk Management & Introduction to AAMI TIR57
We will provide you with the essential activities which should be performed as part of a robust Security Risk Analysis process. We will focus primarily on the AAMI TIR57 – Principles for Medical Device Security – Risk Management standard and demonstrate how the methods can be used to supplement your organizations ISO 14971 Risk Management Process with a focus on cybersecurity.
With the increasing threat of cybersecurity affecting connected medical devices, software, systems, and healthcare IT networks, manufacturers must understand how to identify and mitigate security threats to assure that products & systems are designed to be resistant to security exploits. The process by which security threats are identified, analyzed, and mitigated is called Security Risk Management or Security Threat Modeling and is an essential activity for manufacturers of IoT enabled Medical Devices and Medical Device Software.
In our two-day training program, we will provide you with the essential activities which should be performed as part of a robust Security Risk Analysis process. We will focus primarily on the AAMI TIR57 – Principles for Medical Device Security – Risk Management standard and demonstrate how the methods can be used to supplement your organizations ISO 14971 Risk Management Process with a focus on cybersecurity. We will also present supporting information from the NIST Cybersecurity Framework and the NIST SP 800-30 publication to further enhance learning.
We will use a case study based approach to the training program to demonstrate how each of the steps are completed. Included in our training session is the opportunity for small group breakout sessions to practice each key learning and sufficient time to answer specific questions participants may have.
Upon completion of this training, you will:
- Understand the key terms and concepts of Security Risk Management and Threat Modeling
- Be familiar with the content of the AAMI TIR57 standard and how to apply it to your product portfolio
- Have a framework by which you can model your organizations security risk management process and reports
- Introduction to Risk Management and Security Risk Management Standards
- Identifying bad actors, their goals, and capabilities
- Understanding the threat surface of your products, systems and networks
- Overview of security vulnerability and weakness and how they are exploited to achieve security goals
- How to analyze the exploitability and criticality of identified security threats
- What are security capabilities and risk controls appropriate to address the threats
- Documenting security risk analysis
Classroom presentation, small workgroup activities, example oriented, interactive. The training level is introductory to moderate level, suitable for newcomers as well as those with some experience in security risk management.
- Product Development Engineers
- Product Security Designers
- Software Developers
- Quality Professionals
- Regulatory Professionals
- IT Professionals interested in Product Development
- Technical Marketing Professionals
- CIOs/CISOs/IT Executives
Faud Khan, Chief Security Analyst, TwelveDot Inc.
Laura Élan, Cyber Security Medical Expert, TwelveDot Inc.
"Highly qualified presenters"
"I liked the possibility of bringing my work-related problems to the table"
"Interesting topic, Excercises and relevant examples"
Participants, Spring 2021