Start: | 09.11.2023 |
End: | 09.11.2023 |

VDE
Raum Siemens
Merianstraße 28
63069 Offenbach
DE
Description:
Experience first-hand how you can implement cybersecurity risk management in the context of (medical) devices and software!
Effective risk management is the key to safe and effective medical devices. It encompasses every stage, starting from the initial product idea, through development and product launch, all the way to the end of the product's life.
Maybe you are already familiar with the risk management requirements outlined in Regulation (EU) 2017/745 (Medical Device Regulation, MDR) and the relevant ISO 14971 standard in the context of safety.
However, the MDR emphasizes the need to consider not just operational safety but also potential risks related to data security (cybersecurity) and the threat of cyber-attacks.
Would you like step-by-step instructions on how the legally required cybersecurity risk management can be integrated into your existing (safety) risk management?
Then our training is tailor-made for you! We will demonstrate this process using the real-world product example "BO-Score."
Our product "BO-Score" is designed for evaluating deep emotional, physical, and mental exhaustion commonly known as "burnout" in adult patients aged 18 and above. It is a handheld device that measures micro-movements ("trembling") to derive conclusions about the level of burnout.
In our training, we apply ARGOS, our system for cybersecurity risk analyses, step by step. Using our templates, we collaboratively develop solutions hands-on, which is the most effective way of learning. These solutions can be seamlessly integrated into your risk management framework.
Let's embark on this journey together, making your (medical) device both safe and secure for patients and practitioners alike.
Programme
10:00 Welcome and introduction
10:15 Information security in the life cycle of (medical) devices – What do I have to consider?
- Overview and terms
- "Cybersecurity" and "Information Security"
- Risk management and the relationship between safety and security
- Our approach "ARGOS": Advancing Risk-Management and Governance On the basis of Security
- How to evaluate "cybersecurity"?
- The Common Vulnerability Scoring System (CVSS)
- Purpose and system architecture as a basis
- Cybersecurity aspects in medical technology
11:30 Refreshment break
12:00 Hands-on: We get to know the example system
- Our product "BO-Score"
- How is BO-Score used?
- What interfaces does the system have?
- In what environment is it used?
- Intended purpose / intended use
- System architecture
12:15 Hands-on: the Risk Management Plan
- What does the risk management plan include?
- How do severity, probability of occurrence and risk acceptance need to be expanded?
- Relationship between safety (operational safety) and security (information security)
Group work: Adding SECURITY to the risk management plan
12:30 Hands-on: We carry out the CYBERSECURITY-RM (guided group work part 1)
- What assets does the system have?
- Which interfaces can be identified?
- In what environment is the product operated?
Group work: Preparation of the hazard analysis
13:15 Lunch break
14:15 Hands-on: We carry out the CYBERSECURITY-RM (guided group work part 2)
- How do I recognize possible threats?
- Modelling of attack scenarios using "threat modelling"
- The "STRIDE"-approach
Group work: Further work on the hazard analysis
15:00 Refreshment break
15:15 Hands-on: We carry out the CYBERSECURITY-RM (guided group work part 3)
- How can the identified risks be controlled?
- Security capabilities as protective measures
- Relationship between safety (operational safety) and security (information security)
- Is the overall residual risk acceptable?
Group work: finding, formulating, and evaluating measures
16:00 Hands-on: We prepare the risk management report! (guided group work part 4)
- What should the risk management report look like?
Group work: Preparation of the risk management report
16:30 Summary and adoption
16:45 End
Preliminary programme. We reserve the right to make changes.
Digital Transformation and Platforms
Prices:
VDE member*: 620 EUR
Regular participation: 690 EUR
Special offer for Start-Ups:
VDE member*: 450 EUR
Regular participation: 500 EUR
*Discount only with a current VDE membership number