Contact person
Anithasree Maroju
TIC-ingenjör
Contact Anithasree
Cyber security for IoT products - SSF and ETSI standard
This course covers the two standards ETSI EN 303645 and SSF 1120-1. The goal is for you to learn how to protect IoT products and systems from cyber attacks and threats.
The number of connected products is increasing, which increases the risk of being exposed to attacks or losing sensitive data. To reduce cybersecurity incidents, it is important that each connected product maintains a sufficiently high security level. ETSI EN 303645 and SSF 1120-1 introduces requirements for authentication, handling of personal data, encryption, updates, vulnerability policy, etc.
The ETSI EN 303645 standard is an international standard, which the Swedish Theft Prevention Association has further developed into SSF 1120-1. These both aim to set basic cybersecurity requirements for IoT products. Examples of IoT products are smart TVs, digital locks and other connected devices in the home such as appliances, alarm systems, toys, light sources, cameras, speakers and more.
In addition to the international standard, SSF 1120-1 also contains requirements for two types of tests: General testing and penetration testing. The tests provide proof that the product is safe in practice.
Purpose
The purpose of the course is that the participant gains a deeper understanding of the two standards - ETSI EN 303645 and SSF 1120-1.
Content
The course provides you with knowledge of the international cybersecurity standard for IoT products developed by the standardization organization ETSI. The course also provides information about the Swedish Theft Prevention Association's national standard.
- Understanding of general requirements and testing of IoT
- Understand the necessity of cryptographic algorithms
- Understanding of security measures in terms of software and hardware
- Understand how to report and respond to vulnerabilities if found by consumer
- Importance of penetration testing for IoT
- Understand relatedness between ETSI EN 303645 and SSF 1120
Target group
Managers, hardware designers, programmers/developers, test and systems engineers, project managers, quality managers, operations and maintenance personnel.
Previous knowledge
General IT knowledge is recommended.
Custumised training course
If the current course date does not suit you, please contact Ted Strandberg or Anitasree Marjou below to book a customised course.
Programme
Programme
- Introduction
- Overview of related standards
- Terminology
- Development requirements
- Account Management
- Operation
- Data protection
- Examples
- General Testing
- Penetration testing
