Threat Analysis and Risk Assessment (TARA) Training - ISO/SAE 21434

Course Duration: 2 Days - 8 Hours/day

This three-day seminar will provide the knowledge and skills required to perform Threat Analysis and Risk Assessments (TARA) per the ISO/SAE 21434 Cybersecurity Engineering Standard. This course will give you the information to Plan, Conduct and Report all TARA activities for a vehicle system or sub-system.

This course combines presentations with in-class group exercises to put what you are learning into practice.

Learning Objectives

  • Determine the relationship between SAE J3016/ ISO/SAE 21434 and TARA
  • Plan and perform activities of cybersecurity risk management
  • Determine the applicability of risk assessment methods of ISO/SAE 21434 and SAE J3016
  • Determine the impact rating of a damage scenario
  • Determine the attack feasibility rating for an attack path
  • Evaluate the risk associated with a damage scenario and attack path
  • Select the risk treatment commensurate to the risk.
  • Determine the applicability of other risk assessment methods
  • Plan of TARA activities

Course Outline

Day One

  • Overview of ISO/SAE 21434
  • Overview of TARA
  • Relationship between ISO 21434 and TARA
  • Overview of ISO 31000
  • Cybersecurity Activities of ISO 31000
  • Risk Assessment Methods in ISO/SAE 21434
  • Threat Analysis and Damage Scenarios
  • Impact Rating

Day Two

  • Attack Surfaces
  • Attack Paths
  • Attack Feasibility Rating
  • Risk Assessment Methods: Attack Potential
  • Risk Value Evaluation
  • CAL Evaluation
  • Day Three
  • Risk Mitigation & Treatment
  • Management Cybersecurity Controls
  • Technical Cybersecurity Controls
  • Other Risk Assessment Methods
  • Plan to Implement TARA

Who Should Attend

Those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in vehicles.

Participants should be, or plan to be, actively managing, or involved in, or aware of electrical and/or electronic items, systems, or elements that are incorporated in vehicles. You should also have the abilities, education, and experience required for the above roles.

Course Materials

Each participant will receive a seminar manual including breakout exercises and case studies.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.


Participants should be involved in or aware of software and hardware development as it relates to the vehicle industry. A basic understanding of the ISO/SAE 21434 standard is recommended.

Upcoming Training