Course Description:
The Security Development Lifecycle training course and workshop was created specifically for developers of industrial control system products with a particular focus on network-enabled embedded control system products such as PLCs, DCSs, SISs, RTUs, VFDs, etc. The objective of this course is to train R&D teams, through a combination of lecture and workshop, on how to properly and effectively integrate software security assurance practices and techniques into their existing software development lifecycle. The training covers all phases of IEC 62443-4-1 (Product Development Lifecycle Requirements) as well as IEC 62443-4-2 (Technical Security Requirements for IACS components), and the ISASecure™ Software Development Security Assurance (SDSA) certification program.
Agenda:
- Security Development Lifecycle Introduction
- PC & Networking Best Practices
- System Integration and Maintenance
- Security Management Process
- Software Exploitation
- Security Requirements
- Software Architecture Design
- Threat Modeling Training
- Module Implementation and Verification
- Security Integration Testing
- Security Validation Testing
- Incident Response Planning and Execution
- Document Security Guidelines
Course Length: 3 days