BSides Munich 2025

Security by Design in Action through Security–Legal Coordination
2025-11-15, Hochschule München - R1.006

Short Abstract

This workshop aims to equip stakeholders with the knowledge and practical approaches needed to implement the security by design principle in line with existing regulations, while addressing the challenges of security–legal interaction that arise in the process.


Organizational Information

The workshop will be run in two independent parts: privacy by design (with a focus on the General Data Protection Regulation) from 9:00 till 13:00 and security by design (with a focus on the Cyber Resilience Act) from 14:00 till 18:00. Participants are welcome to attend both the privacy by design and the security by design parts.

Please preregister for the workshop using the following link:
https://forms.gle/5ec34c155G7aQwSPA

Your preregistration will help us to better organize the workshop and ensure a better experience during the workshop (incl. availability of seats for everyone). No personal data is required for registration, only your preferences.

We will organize snacks and tea/coffee during the workshop to make sure participants have enough energy and motivation!

Detailed Description

Privacy and security by design are core principles in modern software product development. Yet, the legal requirements set by the Cyber Resilience Act (CRA) and the GDPR are hard to translate into engineering terms and integrate into system architecture. Balancing legal demands with stakeholder needs and ensuring clear engineering-legal communication is challenging due to the abstractness of regulations and the need for legal expertise.

Participants will be guided through a structured process, using handouts, to interpret regulatory requirements and engage with other stakeholder perspectives in the implementation of security or privacy by design. They will complete models and structured templates that support understanding legal requirements and promote shared interpretations of "by design" principles.

The workshop will also include a role-play exercise, in which participants adopt the perspective of one of four key stakeholder groups—requirements/system analyst, architect, security / privacy / legal expert, or management—to explore strategies for effective cross-functional coordination. Supplementary materials will be provided to support participants who may not have expertise in their assigned domain.

The objectives of the session are to: (1) foster a deeper understanding of security by design requirements in line with existing regulations, (2) introduce practical approaches for implementing security by design, and (3) develop skills for effective legal-security collaboration during implementation.

Preliminary Agenda

  • Discussion of challenges to security / privacy by design.
  • Analysis of provided scenarios for S/PbD.
  • Analysis of the roles and goals involved.
  • Role-specific information specification.
  • Collaborative requirements definition.
  • Discussion, experience exchange, Q&A.

Shape the agenda by filling in the preregistration form and adding your expectations:
https://forms.gle/5ec34c155G7aQwSPA


Keywords

security by design, cybersecurity compliance, security stakeholders, security requirements

Alex is a researcher affiliated with public institutions in Germany and Sweden, focusing on security, privacy, and compliance by design. Prior to his research career, he worked as an information security engineer, consultant, and process architect.