Introduction to ISO/SAE 21434 Road vehicles Cybersecurity
Purpose
To give an introduction and overview of ISO/SAE 21434 content. Special focus on the early phases, such as risk assessment methods and concept development.
Goals
The participants shall get an overall understanding of
ISO/SAE 21434 structure and content.
Terminology and definitions.
Cybersecurity management including development of a ”Cybersecurity case”.
Continuous cybersecurity activities including vulnerability analysis.
Threat analysis and risk assessment including examples of risk assessment methods.
Cybersecurity requirements and cybersecurity concept.
Product development related to cybersecurity.
Cybersecurity validation.
Connection to ISO 26262.
Day 1
09:00 Introduction
What is cybersecurity?
UNECE regulation 155
ISO/SAE 21434
Comparison with ISO 26262
10:15 Break
10:30 Cybersecurity management
Overall cybersecurity management
Roles & culture
Process relation
Planning
Cybersecurity case
Off-the-shelf & out-of-context components
Item or component reuse
Audits & assessments
12:00 Lunch
13:00 Exercise and discussion
13:30 Distributed cybersecurity activities
Supplier capability
Request for quotation
Cybersecurity interface agreements
Alignment of responsibilities
13:50 Continual cybersecurity activities
Cybersecurity monitoring
Cybersecurity event assessment
Vulnerability analysis
Vulnerability management
Incident response
14:10 Break
14:30 Concept development (1)
Item definition
15:00 Exercise
15:30 Summary
16:00 End
Day 2
09:00 Introduction and recap from Day 1
09:30 Concept development (2) + Exercises
Cybersecurity goals (1)
Threat analysis and risk assessment (TARA)
Risk treatment
10:15 Break
Cybersecurity goals (2)
Cybersecurity goals
Cybersecurity claims
Cybersecurity concept
12:00 Lunch
13:00 Product development
Cybersecurity controls
System requirements
Architectural design
Software development
Vulnerability analysis
Integration and verification
13:45 Exercise
14:15 Break
14:30 Cybersecurity validation
Validation
Release for post-development
15:00 Post-development
Production
Operations and maintenance
Cybersecurity incident response
End of support and decommissioning
15:30 Summary and conclusion
16:00 End
Nohau Training Partner
This course is provided by a Nohau Training Partner, a trusted provider of hands-on training for professionals in embedded systems, software development, and engineering.
