Threat Modeling Medical Devices

This training is online and taught in English. Check here to find out more about the content and to subscribe.

Why take this course?

Regulators across the world, including the Food & Drug Administration (FDA) and European Medicines Agency (EMA), are embracing threat modeling as part of their requirements. It is widely agreed upon by security standards groups, such as OWASP and NIST, that threat modeling is a highly effective method to inform secure software architecture and requirements. Threat modeling identifies potential security issues across a number of risk types for makers and users; including patient safety risks Threat modeling is a clear and efficient method to communicate requirements to all stakeholders, independent of technical abilities. The artifacts produced through threat modeling are pieces that can directly be used as part of regulatory submissions, and do not add regulatory overhead to build specific documentation.

Even with growing security teams, there will never be enough security experts to thoroughly evaluate the security threats for each medical device continually. By training your team, from security analysts to software engineers to product managers, you will be able to ensure that your team has the ability to identify threats and iterate on existing threat models that your teams generate. This allows security to be a part of the medical device development lifecycle, rather than a separate burdensome process.

MedCrypt, a leading cybersecurity firm 100% focused on medical devices, and Toreon’s Data Protection Institute (DPI), a globally-recognized leader in threat modeling training, have partnered to create the most comprehensive threat modeling training specifically for Medical Device Manufacturers (MDMs). Leveraging the curriculum that Toreon uses for their Black Hat training, our teams have incorporated lessons learned from delivering cybersecurity to MDMs and regulatory requirements to ensure that this curriculum meets the needs of medical devices.

As part of this course, you will see how you can leverage your threat model in multiple other aspects of your regulatory submission, allowing you to focus on addressing any issues rather than assembling a multitude of different documents.

Every medical device needs a threat modeler, but not every threat modeler needs to be a cybersecurity specialist. Through our training every participant will walk away with both knowledge about threat models, how to assemble a team and conduct a session as well as all of the materials to do that the very next day.

This training is online and taught in English. Check here to find out more about the content and to subscribe.