
CYBR 375 Risk and Security Controls for Medical Devices

The medical device industry faces unique cybersecurity challenges due to the direct impact of security threats on patient health and safety. To address these risks, cybersecurity professionals leverage established control frameworks and risk management methodologies to assess and mitigate potential threats. This course provides an in-depth exploration of cybersecurity risk management in the medical device sector, emphasizing the application of industry-recognized control frameworks such as those developed by the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO). Students will gain hands-on experience in identifying, evaluating, and mitigating cybersecurity risks through threat modeling, security assessments, and the implementation of appropriate security controls. Key topics include cybersecurity risk assessment methodologies, security-by-design principles, technical solutions for securing connected medical devices, and strategies for effectively communicating cybersecurity risks to stakeholders. Through case studies, risk assessment exercises, and technical labs, students will develop the practical skills required to safeguard medical devices throughout their lifecycle.

Prerequisites

Special information

First day attendance is mandatory.
Note: Students are responsible for both being aware of and abiding by the prerequisites for the ICS/CYBR courses in which they enroll, and will be administratively dropped from a course if they have not met prerequisites.
4 Undergraduate credits

Effective May 2, 2024 to present

Learning outcomes

General

  • Describe foundational cybersecurity concepts and key terminology related to risk management and mitigation in the medical device industry.
  • Examine and evaluate prevailing cybersecurity control frameworks and determine their applicability in securing medical devices.
  • Apply risk assessment methodologies and tools from leading institutions to systematically evaluate medical device cybersecurity risks.
  • Demonstrate proficiency in conducting cybersecurity assessments, including risk analysis, reporting findings, and proposing mitigation strategies.
  • Implement appropriate security control frameworks and technical solutions to enhance the security of Internet-connected medical devices.
  • Integrate security-by-design principles into the medical device development lifecycle to reduce cybersecurity risks and improve resilience.
  • Assess and justify ethical considerations in medical device risk management, including patient safety, regulatory compliance, and responsible disclosure of vulnerabilities.