Written by students who passed Immediately available after payment Read online or as PDF Wrong document? Swap it for free 4.6 TrustPilot
logo-home
Summary

Lecture 9 Summary | ICT Service Management | KU Leuven | 2025/26

Rating
-
Sold
2
Pages
15
Uploaded on
13-05-2026
Written in
2025/2026

Exam summary and guest lecture notes from ICT Service Management at KU Leuven, covering product security in practice with Maxim Baele from Toreon. Topics include the Cyber Resilience Act (CRA), OWASP SAMM framework, secure development lifecycle (SDL), and the 4 essential CRA obligations including secure by design and vulnerability management. Essential preparation material for the comprehensive exam, with clear explanations of how SAMM helps organizations achieve CRA compliance and move beyond policy-only approaches to truly secure products.

Show more Read less
Institution
Course

Content preview

ICT SERVICE MANAGEMENT
Lecture 9 — Comprehensive Exam Summary
Guest Lecture — Product Security in Practice (Toreon)
Maxim Baele · Cyber Resilience Act · OWASP SAMM · Secure Development Lifecycle


Overview
Guest lecture by Maxim Baele, Principal Consultant for Product Security at Toreon. Also: OWASP Belgium
chapter leader, OWASP SAMM core team member, OWASP EU Board, OWASP Regulations & Standards
Liaison.




Slide: Maxim's roles in OWASP — bridge-builder

Lecture agenda: context for product security, the Cyber Resilience Act (CRA), OWASP SAMM, SAMM in
practice.

How to build secure products




Slide: 'How to draw an owl' meme — policies ≠ secure products

Organisations think 'draft some policies' is sufficient — but step 2 is 'build the rest of the f***ing owl'. SAMM
fills that gap.

EXAM TIP: Likely exam material: CRA timing/scope/requirements; SAMM 5 business functions × 3
practices each; Security Champion role; SDL phases.

Lecture 9 — ICT Service Management — Page 1

, Part 1 — Context




Slide: Information security definition


Term Definition
Information security Set of procedures and tools to protect sensitive enterprise info. Covers
physical/env, access control, cybersecurity.


Formalisation timeline:
• 1980s — Orange Book (US DoD)
• 1990s-2010s — cybersecurity evolves as sub-domain
• 2020s — Supply Chain Security AND PRODUCT SECURITY emerge as new sub-domains




Lecture 9 — ICT Service Management — Page 2

Connected book

Written for

Institution
Study
Course

Document information

Summarized whole book?
Yes
Uploaded on
May 13, 2026
Number of pages
15
Written in
2025/2026
Type
SUMMARY

Subjects

$8.22
Get access to the full document:

Wrong document? Swap it for free Within 14 days of purchase and before downloading, you can choose a different document. You can simply spend the amount again.
Written by students who passed
Immediately available after payment
Read online or as PDF

Get to know the seller
Seller avatar
yervandkosyan

Also available in package deal

Get to know the seller

Seller avatar
yervandkosyan Katholieke Universiteit Leuven
Follow You need to be logged in order to follow users or courses
Sold
3
Member since
2 year
Number of followers
0
Documents
14
Last sold
3 weeks ago

0.0

0 reviews

5
0
4
0
3
0
2
0
1
0

Why students choose Stuvia

Created by fellow students, verified by reviews

Quality you can trust: written by students who passed their tests and reviewed by others who've used these notes.

Didn't get what you expected? Choose another document

No worries! You can instantly pick a different document that better fits what you're looking for.

Pay as you like, start learning right away

No subscription, no commitments. Pay the way you're used to via credit card and download your PDF document instantly.

Student with book image

“Bought, downloaded, and aced it. It really can be that simple.”

Alisha Student

Working on your references?

Create accurate citations in APA, MLA and Harvard with our free citation generator.

Working on your references?

Frequently asked questions