The Product Security Fix: Q2-2024
Medical, Automotive, and Critical Infrastructure Teams, This Newsletter Is Dedicated to You.
As Q2 came to an end, everyone had the same thing on their mind: compliance.
Right now, the automotive sector is revving up for R155’s CSMS initiation, medical device manufacturers are closely watching recently published ultrasound vulnerabilities, and critical infrastructure product security teams are taking on CRA in Europe.
That’s why we’re dedicating this issue to all the product security teams who are maturing their processes and keeping us safe. Below, we focused on standards, regulations, compliance, and scaling these once-burdensome requirements.
🤘 Dive in, read on, and keep protecting those mission-critical devices we rely on.
Have something you’d like to see? Let us know
Below is some of what you need to know:
What’s abuzz in product security?
The Product Security Maturity Report
With a wave of new standards and regulations coming into force, maturing product security activities remains a top priority. Our latest report provides a practical guide for assessing and improving product security maturity.
Green Light for Secure Cars: Cybellum Achieves TISAX Certification
TISAX certification, established by the German Association of the Automotive Industry (VDA) in 2017, is essential for working with the full automotive ecosystem and builds upon the existing ISO 27001 standards. See what this certificate means for the automotive ecosystem.
Using Maturity Models to Speed Up Cybersecurity Compliance and Minimize Risk
To boost medical product security teams’ readiness and resilience, we partnered with H-ISAC’s Navigator program to discuss streamlining compliance at scale. Watch to learn how to assess your organization’s maturity and reduce risk.
Compliance corner
Stay on top of standards and regulations
UNECE WP.29 FAQ
Does your confusion increase as you go deeper into R155? We compiled the most frequently asked questions to explain how they impact product security teams throughout the ecosystem.
Is the EUCC all it’s cracked up to be?
The European Cybersecurity Certification Scheme on Common Criteria represents a pivotal standardization of cybersecurity certifications across the EU. Read to understand what product security teams need to know about meeting the new criteria.
FYI, you should know about PSTI
PSTI is a UK regulatory framework that enhances the security of internet-connected devices. The PSTI sets minimum security standards to protect devices against cyber threats and vulnerabilities.
Meeting the FDA’s KPIs?
The FDA outlines defect density, patch velocity, and patch-to-production metrics in its premarket authorization cybersecurity guidelines. Read to learn how to identify and measure these KPIs to remain compliant.
What’s the connection between NIS2 and Cybersecurity?
The EU's NIS2 directive raises the bar for security across critical infrastructure and its supporting systems. This includes stricter rules for both how companies report cyber incidents and the steps they take to manage security risks.
What the experts are saying
Catching up with the leaders shaping tomorrow’s product security.
Dmitri Shifrin: Cybersecurity & AI at NVIDIA
We sat down with the System Security Architecture Manager at NVIDIA to discuss the convergence of automotive cybersecurity and AI, as well as NVIDIA’s Morpheus Cybersecurity Framework.
Steve Orrin: Leading Cybersecurity at Intel Corporation and Beyond
In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior PE at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like Aerospace, Education, and Healthcare.
Chaitanya Mattur Srinivasamurthy: Leading Cybersecurity at ICU Medical
We sat down with the Sr Director of Cyber Security & Medical Device Connectivity Engineering at ICU Medical to discuss medical device cybersecurity, FDA, and balancing innovation and security.
Paul Schmeltzer: FDA Regulations, AI and Legal Risk
We chatted with the partner at Clark Hill Law about AI, FDA regulations, and cybersecurity legal risks based on his years of experience learning the legal aspects of healthcare and industrial cybersecurity.
Mariana Padilla: Leading The HACKERverse®
We sat down with the Co-founder and CEO of HACKERverse (recently known as KIKrr) to discuss entrepreneurship, product security, and the power of networking.
Maria Palombini, MBA: All About Standards
We sat down with the Global Practice Leader, Healthcare & Life Sciences, at the IEEE Standards Association | IEEE SA to discuss cybersecurity standards, regulations, and building a career in cybersecurity.
Put the Pro in Product Security
If you’re a customer or partner looking to mature your product security capabilities with the Product Security Platform, then the class is in session. New courses in the Cybellum Academy include:
See other classes in the Academy at academy.cybellum.com
Talk to us
A lot has changed in the last few months regarding standards, regulations, and ecosystem-wide product security cooperation. Reply to this email or book a demo to better understand how we can help you automate and comply with whatever requirements lie ahead.