Course Code: bspkisoautocs
Duration: 21 hours
Prerequisites:

This is a bespoke offer for Nippon Seiki.

Overview:

This is a bespoke 3-day (21 hours) event with 2 days devoted to course delivery and a further 1-day workshop.

Course Outline:

ISO/SAE 21434 Road Vehicles – Cybersecurity Engineering – Management and establishment of cybersecurity adoption process

1. Introduction to Cybersecurity – Brief description of cryptographic mechanisms, presentation of basic information.

a) Cybersecurity basic understanding 

b) Standards of Security 

c) Common Techniques 

2. UN-ECE WP.29/R155, R156 regulations – How to comply with regulations? Why should we talk about regulations and not specific standards? Other standards related to CSMS.

a) Basic information 

b) Overview of Cybersecurity Management System 

c) Coexistence of standards within CSMS and SUMS 

3. Organizational Cybersecurity Management – What is the role of management in the ISO 21434 process? How can the implementation of ISO 21434 impact your organization? Is it possible to combine ISO and ASPICE?

a) Definition of organization specific processes 

b) Establishing of Security Culture 

c) Evidence of Quality Management 

d) Evidence of Configuration Management 

e) Documentation Management Process 

f) Continuous Improvement Process

g) Cybersecurity Risk Management 

h) Information Sharing 

i) Information Security Management 

j) Organizational Cybersecurity Audit 

4. Cybersecurity Management at organizational level – Project-dependent cybersecurity management. New roles in the organization due to ISO 21434. What are the possible cybersecurity organization setups, and which ones are most efficient? How can existing processes in the organization support cybersecurity?

a) Cybersecurity Monitoring 

b) Cybersecurity Event Assessment 

c) Vulnerability Analysis 

d) Vulnerability Management 

e) Risk Assessment Methods 

4.e.1. Assets Identification 

4.e.2. Threat Scenario Identification 

4.e.3. Impact Rating 

4.e.4. Attack Path Analysis 

4.e.5. Attack Feasibility Rating 

4.e.6. Risk Determination 

4.e.7. Risk Treatment Decision 

5. Cybersecurity and Quality Management (incl. ASPICE) during Concept Phase and Product Development Phase – How to manage requirements in a security-related project? What are security goals, security concept and security requirements, and how to handle them? Specification of security requirements; traceability; verification; relation to safety analysis.

a.1. Item Definition 

a.2. Threat Analysis and Risk Assessment 

a.3. Security Concept

a.4. Item Integration and Testing 

a.5. Hardware Security Requirements 

a.6. Hardware Design 

a.7. Software Security Requirements 

a.8. Software Design 

6. Cybersecurity Management during Post-development phases – Methods for process determination. Communication plan. Remediation actions for cybersecurity. Criteria for closure and actions upon closure.

a) Release for production 

b) Production 

c) Operation, service and decommissioning 

d) Establishment of Cybersecurity Incident Response Team 

6.d.1. Cybersecurity Incident Response Evaluation 

6.d.2. Cybersecurity Incident Response Report