Training
 |
Security: Cyber- & IT-Security

SECURITY: CYBER- & IT-SECURITY FROM A – Z

Basics and Vehicle Technologies for Beginners

End-to-End Considerations in the Automotive Environment
Connected vehicles create the basis for new services and digital business models. However, networking also increases the risk of cyber-attacks on the car and its infrastructure. Our comprehensive basic training provides you with a sound understanding of potential threats and shows you how to ward them off. You will also gain insights into the technology of networked systems in and around the vehicle.

Is there an increasing need to consider security concerns in your automotive and product development projects? This training will provide you with a fundamental understanding of project practice, from multiple threat scenarios to established standards and guidelines and deep insights into the backbone technology of networked IT infrastructures. Our second day is dedicated to this technical focus.

Security Day 1. Basics

  • Introduction to Terminology, Definitions, Standards and Technological Frameworks
    You will gain a basic understanding of how to determine and delimit security dimensions - from information and IT security to cyber security, to data transmissions, data confidentiality, data integrity and availability.
  • Information Security and Management of IT Security
    You are concerned with measures to ward off threats - both technically and at company level. For this, you will not only learn about protection requirements and goals but also about threats and categories of particularly vulnerable areas.
    You will also deal with the requirements in the company, from requirements for a security management system to the corresponding roles and the necessary PDCA.
  • Automotive Cybersecurity
    You will learn to understand the purpose and goals of hacking and the mindset of hackers. This includes threat categories according to the STRIDE model. The focus is on special vehicle features such as CAN, Automotive Ethernet and particularly vulnerable ECU functions.
  • Embedding Cybersecurity
    In order to identify and address vulnerabilities in advance, you will work out the context of potential attacks. This includes hacking attacks and safeguarding through careful systems engineering: secure programming and safe code, as well as aspects of functional safety.
  • Security Standards and Methods
    You will become familiar with the relevant security standards and their guiding principles and strategies (IEC 62443, OWASP, SAMM, CERT-X, MISRA, ITIL, ISO 27k, SAE / ISO 21434, J3061TM, NIST800-53r4). In particular, you will practice applying known security control methods to security issues - from attack tree analysis to the security FMEA and the threat model.

Security Training: Day 2. Technical Aspects for Vehicles

  • The Need for Security in Vehicle Design
    You gain insights into the encryption of communication between vehicle components (intra-vehicle) and between vehicles (inter-vehicle), and the necessary authentications. These include the protection of updates, privacy issues in statistical data collections, the impact of firewalls and VPN (intra-vehicle and inter-vehicle), as well as firewalls, VPN, and encryption in telemetry applications.
  • Basic Knowledge of Encryption Technology
    You deal with symmetric algorithms such as ciphers (block and stream ciphers), the problem of symmetric exchange of keys and brute-force attacks on networked vehicles and their infrastructures. Also on the agenda are asymmetric algorithms, including public and private keys, man-in-the-middle attacks, checksum protection, digital signatures, and public key infrastructures.
  • Firewalls in IP-based Networks
    You will gain basic knowledge of firewall topologies, perimeter firewalls, DMZ and security zones, as well as internal firewalls. In addition, you will encounter firewall typologies for layer architectures based on OSI: we will talk about filters for MAC addresses and IP, data packets (stateless and stateful) as well as application-related firewalls and proxies. Data protection and anonymity are topics in anonymization proxies and onion routing. The topic is also rounded off by virtual private networks. You will learn more about the basic VPN design, a comparison of OpenVPN with IPSEC, and finally about the further development of VPN technology.

Target audience of the Security Introduction 

Employes who need comprehensive insight into threat scenarios, defense strategies and a fundamental, end-to-end understanding of involved technologies. 

  • In particular, product development engineers, project managers, and specialists who will be responsible for security tasks in the future.
  • No prior knowledge in the security environment required, but an interest in and understanding of technical interrelationships is an advantage.

Training details

  • 2 days
  • Approx. 9 a.m. to 5 p.m.
  • Number of participants: approx. 12

Registration 

You can confirm your booking directly through this website or by sending us your instructions. Once a minimum number of places have been booked for the course, you will receive immediate confirmation of participation. We will also send details about the location where the course will be held. 

Ideal training for your company 

Need more customized training? We can pull together an individual package to meet your needs and the requirements of your company. All courses run by our experts are also available

  1. In German or English
  2. In-house: at your actual place of business and exclusively for your company. Course content for your in-house training will be agreed with you in advance. 

The comprehensive instructional material is included. You'll receive a training certification after the course.

Knowledge – straight from the experts

Our course instructors are recognized experts in their field. Our know-how speaks for itself: The course directors at Kugler Maag Cie have already trained many trainers themselves, who now also offer their own courses – but if you come to us, you turn directly to the original source of the knowledge.

Our training approach has been ingeniously pulled together to cover 

  • method skills, developed over years by our instructors, who also write books on these topics
  • a treasure trove of expertise, gained through our involvement in industry bodies
  • the very latest insights from our work as consultants

Our experience with international projects in a variety of industry sectors enables our instructors to directly answer any questions you may have. 

Learning in a pleasant and friendly atmosphere

We look forward to welcoming you to one of our courses. To make sure you can focus on the content of the course, we ensure that your stay is as pleasant as possible. All food and drinks are included, from snacks during breaks to lunch. 

On courses lasting several days, we would also like to invite you out for the evening. This is a good chance to compare notes with other course participants and forge friendships. 

Training
Kontakt
Softwaredrives