• training situation

    Security trainings

    Dive into the world of embedded security!

ESCRYPT has long since stopped teaching only the basics of cryptography in its training courses. Instead, the company channels its years of experience in embedded security, gained during numerous industry projects, to provide practical examples and the latest technological developments.

ESCRYPT is the leading systems supplier for embedded security, with many years of experience. Its training courses impart a solid understanding of security for embedded devices, thereby laying the foundation for the development of secure technologies.

security chip

Security testing strategy

Develop a strategy how to approach security testing for your organization and products. Starting with an introduction into the field, we evaluate your current status quo of security testing, identify the gaps, and develop a strategy for the future.

mehr erfahren
Participants
  • Product managers, project managers, test managers, and security managers who need to establish a solid understanding about security testing methods and how to apply them throughout the development lifecycle.
Training goals
  • Get to know the motivation, challenges and limitations of security testing
  • Find out how to thoroughly consider security testing in the product development lifecycle (e.g., testing activities in the different phases of the lifecycle)
  • Get an overview of different security testing methods and understand the differences
  • Learn and understand the basic principles of security testing
  • Learn and understand “what” to target in the security testing in which testing setup (e.g., systems, devices, components, interfaces)
  • Get to know how to handle identified weaknesses and which mitigation options exist
  • Create a first draft of a security testing strategy during the workshop
  • Understand the requirements for security testing from the most prominent standards and regulations
  • Analyze the current status quo in your company together with the trainer
  • Compare the status quo with best practices and other requirements
  • Develop a target picture for the future and define the next steps
Requirements
  • Technical understanding of systems/products and system/product development
  • Basic understanding of IT security is helpful
  • If available, an overview of the own security testing strategy
Duration
  • 1 day
secured cars

ISO21434 – From security engineering to management

Advanced IT security training that focuses on ISO/SAE FDIS 21434 requirements and cybersecurity management overall in the context of the UN regulation 155 (UNECE WP.29). The training covers subjects like risk assessment as well as the different engineering phases from concept to development and post development.

mehr erfahren
Participants
  • Security manager, product manager or project manager.
  • System engineer, software engineer, hardware engineer or developer.
Training goals
  • Learn the building blocks of ISO/SAE FDIS 21434 compliant security engineering.
  • Get an overview how ISO/SAE FDIS 21434 helps you to meet the requirements of the UN regulation 155.
  • Understand the risk-based approach of ISO/SAE FDIS 21434 to product security.
  • Learn from our firsthand expertise for the ISO/SAE FDIS 21434 through dedicated case studies.
  • Get to know more about security engineering during the concept phase (incl. cybersecurity relevance assessment, goals & concept).
  • Find out about the importance of security engineering in the development phase (incl. cybersecurity DIA, design, implementation and V&V).
  • Benefit from our knowledge about cybersecurity in production, operations, maintenance and decommissioning.
Requirements
  • Basic technical understanding of automotive systems on engineering level
Content
  • Introduction to security engineering
  • Governance & Ecosystem
  • Risk management
  • Concept and development
  • Production and operation
Duration
  • 2 days
security chip

Security testing

Embedded security solutions are always deployed where it is necessary to protect sensitive data from unwanted access. This means companies and users have to be able to trust in the reliability of their security solutions without exception. This security training provides an introduction to security testing methods for the entire lifecycle and helps you understand what to test, which security testing methods exist, and how to handle findings.

mehr erfahren
Participants
  • Product managers, project managers, test managers, and security managers who need to establish a solid understanding about security testing methods and how to apply them throughout the development lifecycle.
  • System engineers, system architects and testers who are responsible for the execution of test strategies.
Training goals
  • Get to know the motivation, challenges and limitations of security testing
  • Find out how to thoroughly consider security testing in the product development lifecycle (e.g., testing activities in the different phases of the lifecycle)
  • Get an overview of different security testing methods and understand the differences
  • Learn and understand the basic principles of security testing
  • Learn and understand “what” to target in the security testing in which testing setup (e.g., systems, devices, components, interfaces)
  • Get to know how to handle identified weaknesses and which mitigation options exist
  • Understand the requirements for security testing from the most prominent standards and regulations
  • Interactive exercises to strengthen understanding of individual topics
Requirements
  • Technical understanding of systems/products and system/product development
  • Basic understanding of IT security is helpful
Duration
  • 1 day
earth from space with satellite network

Threat analysis and risk assessment coaching

A solid threat analysis and risk assessment (TARA) is the basis of a thorough security concept and thus of all security-related steps in the development process. In this advanced coaching, we explain an established and approved TARA methodology that is based on the Common Criteria and fully aligned with ISO/SAE DIS 21434.

The theoretical part is complemented by a practical part. Here, the customer team creates a TARA for one of their systems, while the ESCRYPT trainer provides support and reviews.

mehr erfahren
Participants
  • Product and project managers who need to understand the methodology of a threat analysis and risk assessment in the context of the product development process
  • Security managers who are responsible for conducting the threat analysis and risk assessment during the product development process
Coaching topics
  • Learn and understand how the threat analysis and risk assessment contributes to efficient and effective risk management, e.g., in the context of ISO/SAE 21434
  • Get to know a methodology how a threat analysis and risk assessment is performed
  • Carry out a threat analysis and risk assessment for one of your systems
Requirements
  • Basic knowledge of product development processes
  • Detailed understanding and awareness of security risks for your product category
  • Overview and description of the system that is to be evaluated
Duration
  • 3 days (spread over approx. 3 month)
Secure product design

Secure product design

Basic IT security training that covers organizational and technical aspects of product development. The training focuses on security tasks in classic and agile development processes, cryptography, and basic IT security measures.

mehr erfahren
Participants
  • Product or project managers who need to establish a solid understanding about general security principles, processes and tools that are necessary for secure product design
  • Product engineers who are responsible for analyzing and defining security requirements and for defining security concepts
Training goals
  • Get to know different aspects of security (e.g., theory vs. practice, challenges, …)
  • Learn and understand security basics (e.g., basic terminology)
  • Find out how to set up a secure software development lifecycle
  • Establish fundamental knowledge about cryptographic tools, algorithms, and protocols
  • Understand important aspects of access control (authentication and authorization)
  • Learn to apply main security principles
  • Comprehend secure coding techniques
Requirements
  • Basic technical understanding of mathematical and information technology (engineering level)
Content
  • Security basics
  • Secure software development lifecycle
  • Cryptographic tools, algorithms, and protocols
  • Authentication and authorization
  • Security principles
  • Secure coding
Duration:
  • 2 days
Download flyer as PDF
Secure connected products

Secure connected products

Advanced IT security training that focuses on technologies for connected or IoT products. The training covers both basic connectivity topics as well as detailed information to IoT protocols and technologies.

mehr erfahren
Participants
  • Product or project managers who need to establish a solid understanding about secure design of connected or IoT products
  • Product engineers who are responsible for analyzing and defining security requirements and for defining security concepts of connected or IoT products
Training goals
  • Understand distinct security aspects regarding connectivity
  • Understand important aspects of advanced access control
  • Establish an overview knowledge of secure protocol configurations and pitfalls
  • Learn the basics about protocols for the internet of things
  • Comprehend the threats to interfaces and how to alleviate them
  • Find out the basics about web services and possible vulnerabilities
Requirements
  • Basic technical understanding of mathematical and information technology (engineering level)
  • Basic technical understanding of cryptography and IT security (i.e. knowledge from secure product design or equivalent)
Content
  • Connectivity basics: background and product case study.
  • Advanced identification and authentication.
  • Secure communication
  • Interface protection
  • Web services security
Duration
  • 1 day
Eingebettete Sicherheit für Fahrzeuge

Automotive security

Few things stir the automotive world to such strong emotion as the prospect of selfdriving vehicles. Where some see enormous gains in comfort, convenience, and safety, others are concerned about automotive autonomy and hackers attacking their vehicles. Yet the need for effective embedded security in vehicles was on the rise before the advent of the automated vehicle. Today's vehicles already need protection against odometer manipulation, unwanted access to vehicle electronics, and many other threats.

This training provides special IT security knowledge for the automotive industry. In doing so, we follow a holistic approach that leads from secure ECU design to secure on-board networking and secure connected vehicles. Practical exercises and examples complement the discussed contents.

mehr erfahren
Participants
  • Product or project managers who need to establish a solid understanding about automotive security principles for secure design of ECUs, the on-board network or connected vehicle services.
  • Automotive product engineers who are responsible for analyzing and defining security requirements and for defining security concepts.
Training goals
  • Get to know current aspects of automotive security
  • Discover a holistic view on automotive security
  • Understand the challenges and possibilities to develop secure ECUs
  • Understand the challenges and possibilities of secure networking
  • Understand the challenges and possibilities of secure connected vehicles
  • Learn how to apply the theories from the learning sections in real-world use cases
  • Learn about the most important automotive security standards
Requirements
  • Basic technical understanding of automotive systems (engineering level)
  • Basic technical understanding of cryptography and IT security (i.e. knowledge from secure product design or equivalent)
Content
  • Introduction to automotive security
  • Holistic automotive security
  • Secure ECU design
  • Secure on-board networking
  • Secure connected vehicles
  • Automotive security standards
Duration
  • 2 days
Language:
ISO 9001:2015 Home