Skip to main content

CYBR 375 Risk and Security Controls for Medical Devices

The medical device sector encounters distinct cybersecurity challenges, particularly because its products can directly impact patient health and safety. To address these issues, cybersecurity experts rely on established control frameworks to guide the assessment and mitigation of cybersecurity threats. This course offers a comprehensive exploration of control frameworks used to define, recognize, evaluate, report on, and mitigate cybersecurity risks tailored to the specific requirements of the medical device industry. Participants will gain the skills necessary to create and sustain cybersecurity risk mitigation initiatives and assess risks using methodologies and instruments devised by leading bodies like the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), among others. The course covers a range of topics, including an examination of pertinent control frameworks, the principles and instruments for mitigating cybersecurity risks, cyber threat modeling, methods and tools for cybersecurity risk evaluation, approaches for conveying cybersecurity risks to corporate executives, and the formulation of strategies to mitigate cybersecurity risks

Prerequisites

Special information

First day attendance is mandatory.
Note: Students are responsible to both be aware of and abide by prerequisites for ICS/CYBR courses for which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
4 Undergraduate credits

Effective May 2, 2024 to present

Learning outcomes

General

  • Analyze prevailing cybersecurity control frameworks for the medical device industry.
  • Demonstrate a practical understanding of appropriate control frameworks and solutions for securing Internet-connected medical devices.
  • Define foundational concepts and terms of cybersecurity risk management and mitigation.
  • Apply risk assessment methodologies and tools developed by leading institutions.
  • Demonstrate expertise in performing cybersecurity assessments, using risk assessment tools, reporting results, and recommending mitigative actions.
  • Apply security-by-design principles to mitigate cybersecurity risks for Internet-connected medical devices.