ISO/SAE 21434 and Related Standards: Overview for Functional Safety Engineers & Managers
ISO/SAE 21434 and Related Standards Training Overview
Course Duration: 2 Days - 8 Hours/day
This two-day seminar gives participants the base knowledge needed by practitioners involved in the development and assurance of automotive cybersecurity for new products that use electrical and electronic elements. It covers the ISO/SAE 21434 Automotive Cybersecurity Management System standard as applied to cybersecurity-related systems, including electric/electronic systems installed in production passenger vehicles. An overview of ISO/IEC 27001, United Nations (UN) regulation WP.29, and VDA ACMS (Automotive Cybersecurity Management System) is also provided.
Learning Objectives
- Tailor the necessary activities to support automotive cybersecurity lifecycle management, development, production, operation, maintenance and decommissioning
- Understand the integration of ISO/SAE 21434 with ISO 26262, APQP, IATF 16949 and other related standards
- Understand cybersecurity aspects of the entire development process (requirements specification, design, implementation, integration, verification and validation)
- Understand the automotive-specific risk-based approach for determining Cybersecurity Assurance Levels (CALs)
- Use CALs for specifying the necessary cybersecurity requirements for achieving an acceptable residual risk
- Provide requirements for validation and confirmation measures to ensure a sufficient and acceptable level of cybersecurity is being achieved
Competencies
1. Determining the relevance of automotive cybersecurity for specific products
2. Determining the applicability of the ISO 21434 standard in your organization and current products
3. Planning and performing cybersecurity management activities
4. Performing a basic TARA
5. Performing activities of the concept phase
Course Outline
Day One
- Introduction and Overview to ISO/SAE 21434, ISO/IEC 27001, WP.29, and VDA ACMS
- ISO/SAE 21434 Purpose, Scope and Framework
- Organizational Cybersecurity Management (Clause 5)
  - Cybersecurity Governance
  - Cybersecurity Culture
  - Cybersecurity Risk Management
  - Cybersecurity Audit
  - Information Sharing
  - Confirmation Measures
- Project Dependent Cybersecurity Management (Clause 6)
  - Tailoring of Cybersecurity Activities
  - System or Component out of Context
  - Cybersecurity Planning
  - Cybersecurity Case
  - Breakout Exercise 1: Safety Case Outline
- Post-Development Phases (Clauses 12-14)
  - Production, Operation, Maintenance, and Decommissioning
- Concept Phase (Clause 9)
  - Cybersecurity Relevance
  - Item Definition
  - Breakout Exercise 2: Item Definition
Day Two
- Concept Phase (Clause 9) (cont’d)
  - Threat Analysis and Risk Assessment (TARA)
  - Breakout Exercise 3: Threat and Risk Analysis
  - Cybersecurity Goals
  - Cybersecurity Concept
  - Breakout Exercise 4: Cybersecurity Requirements
- CAL-Oriented and Cybersecurity-Oriented Analyses (Annex E)
  - Cybersecurity Assurance Levels (CAL)
  - Usage of CALs
- Risk Assessment Methods (Clause 15)
  - Asset Identification
  - Vulnerability Analysis
  - Breakout Exercise 5: Vulnerability Analysis
  - Attack Feasibility Analysis
  - Risk Determination
  - Risk Treatment
Who Should Attend
This course is designed for managers, engineers, and new product development support personnel.
Course Materials
Each participant will receive a seminar manual including breakout exercises and case studies.
Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.
Pre-Requisite
Participants should have a working knowledge of their organization’s New Product Development Process.