The EU Cyber Resilience Act (CRA): everything decision makers need to know

In November 2024, the EU introduced the Cyber Resilience Act (CRA) to strengthen the security of all digital products sold in the EU. Its wide scope will impact many organizations. But what does this mean in practice? What requirements must products meet to be CRA-compliant? What organizational processes does it mandate? And how does it align with existing regulations and standards? Shouldn't those already cover these requirements?

Subjects that will be discussed:

- Overview and deep dive into CRA
- Secure development lifecycle (SDL) theory and practice

Course Overview

This course will give you a straightforward and comprehensive overview of the CRA and the legislative trends surrounding it. Beyond covering the basics mentioned above, we will also provide insights into the various mechanisms to demonstrate compliance, and discuss tradeoffs between legal certainty and the effort needed for compliance.

Additionally, we will discuss the broader industry trends that have led to the CRA’s creation, ensuring that you have a full-picture overview and can make proactive rather than reactive decisions. Concretely, we will discuss the trends that have made products more vulnerable in general, the types of attackers you might encounter, and the various risks you should consider.

Finally, we will discuss industry best practices to develop secure products. These include the Secure Development Lifecycle, threat modeling, security testing, DevSecOps, and shift-left security. We will discuss both the theory behind these practices and how to use them effectively and efficiently in practice. We will provide you with insights about the benefits and costs of these approaches, and help you judge the extent to which adopting them would benefit your organization.
Course objectives

- The content and scope of the CRA
- How the CRA compares to other legislation and standards
- The factors to consider when choosing a CRA compliance strategy for your company
- The larger trends surrounding the CRA and cyber security
- How to balance the need for security with other company and product needs
- Technical methods to develop secure products efficiently
- Organizational strategies to develop secure products efficiently

Duration

There are three different formats of the course with different lengths:

- Webinar/Event session. Duration: 1 hour. This format is recommended for CTOs.
- Deep dive course. Duration: 4 hours. This format is recommended for levels close to CTO.
- Workshop. Duration: 8 hours. This format is recommended for levels close to CTO.

Course Language

English/German

Format

on-site & remote (via MS Teams)

Ask for a corporate course

Get a free offer for a corporate training, tailored to your needs.

Show interest in a public course

Contact us if you are interested in a public course.