Introduction to ISO/SAE 21434 Road vehicles Cybersecurity (2 day course)
Place: Onsite/online
Language: English or Swedish
Request more information
Magnus Kindberg (SE, NO)
Phone: +46 (0)40 59 22 22
magnus.kindberg@nohau.se
Heidi Lehtomäki – Finland
Phone: +358 40 196 0142
heidi.lehtomaki@nohau.fi
Klaus Ahrensbach – Denmark
Phone: +45 3116 1019
ka@nohau.dk
Purpose
To give an introduction to and overview of the content of ISO/SAE 21434, with special focus on the early phases, such as risk assessment methods and concept development.
Goals
The participants shall get an overall understanding of:
- ISO/SAE 21434 structure and content.
- Terminology and definitions.
- Cybersecurity management including development of a "Cybersecurity case".
- Continuous cybersecurity activities including vulnerability analysis.
- Threat analysis and risk assessment including examples of risk assessment methods.
- Cybersecurity requirements and cybersecurity concept.
- Product development related to cybersecurity.
- Cybersecurity validation.
- Connection to ISO 26262.
Day 1
09:00 Introduction
- What is cybersecurity?
- UNECE regulation 155
- ISO/SAE 21434
- Comparison with ISO 26262
10:15 Break
10:30 Cybersecurity management
- Overall cybersecurity management
- Roles & culture
- Process relation
- Planning
- Cybersecurity case
- Off-the-shelf & out-of-context components
- Item or component reuse
- Audits & assessments
12:00 Lunch
13:00 Exercise and discussion
13:30 Distributed cybersecurity activities
- Supplier capability
- Request for quotation
- Cybersecurity interface agreements
- Alignment of responsibilities
13:50 Continual cybersecurity activities
- Cybersecurity monitoring
- Cybersecurity event assessment
- Vulnerability analysis
- Vulnerability management
- Incident response
14:10 Break
14:30 Concept development (1)
- Item definition
15:00 Exercise
15:30 Summary
16:00 End
Day 2
09:00 Introduction and recap from Day 1
09:30 Concept development (2) + Exercises
- Cybersecurity goals (1)
- Threat analysis and risk assessment (TARA)
- Risk treatment
10:15 Break
- Cybersecurity goals (2)
- Cybersecurity goals
- Cybersecurity claims
- Cybersecurity concept
12:00 Lunch
13:00 Product development
- Cybersecurity controls
- System requirements
- Architectural design
- Software development
- Vulnerability analysis
- Integration and verification
13:45 Exercise
14:15 Break
14:30 Cybersecurity validation
- Validation
- Release for post-development
15:00 Post-development
- Production
- Operations and maintenance
- Cybersecurity incident response
- End of support and decommissioning
15:30 Summary and conclusion
16:00 End