
The EU Cyber Resilience Act (CRA): everything decision makers need to know

1-hour to 1-day course | Group course (6-12 people)

The EU’s Cyber Resilience Act, in effect since November 2024, sets new security requirements for all digital products sold in the EU. What does this mean for your business, and how does it align with existing regulations?

Subjects that will be discussed:

  • Overview and deep dive into CRA
  • Secure development lifecycle (SDL) theory and practice

Course Overview

This course will give you a straightforward and comprehensive overview of the CRA and the legislative trends surrounding it. Beyond covering the basics mentioned above, we will also provide insights into the various mechanisms for demonstrating compliance, and discuss the trade-offs between legal certainty and the effort needed for compliance.

Additionally, we will discuss the broader industry trends that have led to the CRA’s creation, ensuring that you have a full-picture overview, and can make proactive rather than reactive decisions. Concretely, we will discuss the trends that have made products more vulnerable in general, the types of attackers you might encounter, and the various risks you should consider.

Finally, we will discuss industry best practices for developing secure products. These include the Secure Development Lifecycle, threat modeling, security testing, DevSecOps, and shift-left security. We will discuss both the theory behind these practices and how to use them effectively and efficiently in practice. We will provide you with insights into the benefits and costs of these approaches, and help you judge the extent to which adopting them would benefit your organization.

Course details

  • Course objectives

    • The content and scope of the CRA
    • How the CRA compares to other legislation and standards
    • The factors to consider when choosing a CRA compliance strategy for your company
    • The larger trends surrounding the CRA and cyber security
    • How to balance the need for security with other company and product needs
    • Technical methods to develop secure products efficiently
    • Organizational strategies to develop secure products efficiently
  • Course format & duration

    There are three different formats of the course with different lengths:

    Webinar/Event session

    Duration: 1 hour. This format is recommended for CTOs.

    Deep dive course

    Duration: 4 hours. This format is recommended for levels close to CTO.

    Workshop

    Duration: 8 hours. This format is recommended for levels close to CTO.

Interested in a company course?

As an independent training provider, we offer hands-on company courses tailored to your specific requirements. Find out how we can shape the perfect Cyber Resilience Act course for you and your team to maximise learning benefit.