Product Cybersecurity Compliance for Decision Makers

In November 2024, the EU’s Cyber Resilience Act (CRA) was published. After a 36-month transition period, it will be in full effect on 11 December 2027. The CRA aims to enhance the security of all digital products sold within the EU. With its broad scope, it will affect numerous organizations. But what does this actually entail? What criteria must products fulfill to comply with the CRA? What organizational processes are required? And how does it align with existing regulations and standards such as NIS2 and the security requirements in the Radio Equipment Directive (RED/DA)? Shouldn’t those already address these needs?

Course Overview

This course will provide you with a clear and thorough overview of the CRA and the legislative trends related to it. In addition to covering the fundamentals, we will offer insights into the various ways to demonstrate compliance and explore the trade-offs between legal certainty and the efforts required for compliance.

We will also examine the broader industry trends that have contributed to the creation of the CRA, giving you a complete understanding to help you make proactive decisions. Specifically, we will explore the factors that have made products more vulnerable, the types of attackers you might face, and the various risks you need to consider.

Lastly, we will cover industry best practices for developing secure products. This includes the Secure Development Lifecycle, threat modeling, security testing, DevSecOps, and shift-left security. We will discuss both the theoretical foundation of these practices and how to implement them effectively and efficiently. You will gain insights into the benefits and costs of these approaches and learn how to evaluate the potential advantages of adopting them in your organization.

Objectives

After the course, participants will understand:

  • The content and scope of the CRA
  • A comparison of the CRA with other legislation and standards
  • Key factors to consider when selecting a CRA compliance strategy for your company
  • The broader trends influencing the CRA and cybersecurity
  • How to balance security requirements with other company and product priorities
  • Technical approaches for efficiently developing secure products
  • Organizational strategies for efficiently developing secure products

Duration and Language

I can offer this course in various durations, ranging from 1 to 4 hours.
Teaching is in English, German, or Dutch.

Interested?

You can book this course through the website of Zühlke, my employer.