ISO/SAE 21434 Overview for Safety Engineers and Managers

Course Duration: 2 Days - 8 Hours/day

This two-day seminar gives participants the base knowledge needed by practitioners involved in the development and assurance of automotive cybersecurity for new products that use electrical and electronic elements. It covers the ISO/SAE 21434 Automotive Cybersecurity Management System standard as applied to cybersecurity-related systems, including electric/electronic systems installed in production passenger vehicles.

Learning Objectives

  • Tailor the necessary activities to support automotive cybersecurity lifecycle management, development, production, operation, maintenance and decommissioning
  • Understand the integration of ISO/SAE 21434 with ISO 26262, APQP, IATF 16949 and other related standards
  • Understand cybersecurity aspects of the entire development process (requirements specification, design, implementation, integration, verification and validation)
  • Understand the automotive-specific risk-based approach for determining Cybersecurity Assurance Levels (CALs)
  • Use CALs for specifying the necessary cybersecurity requirements for achieving an acceptable residual risk
  • Provide requirements for validation and confirmation measures to ensure a sufficient and acceptable level of cybersecurity is being achieved

Course Outline

Day One

· Overview of Automotive Cybersecurity and ISO/SAE 21434

· Cybersecurity Management (Clauses 5 and 6)

o Organization Cybersecurity Management and Governance

o Breakout Exercise 1: Determine the Applicability of Automotive Cybersecurity and ISO/SAE 21434

o Project Dependent Cybersecurity Management

o Cybersecurity Planning

o Re-use, Component out-of-Context (CooC) and Off-the-Shelf (OTS)

o Cybersecurity Case

o Release for Post-Development

o Breakout Exercise 2: Define a Cybersecurity Case

· TARA and the Concept Phase (Clauses 15 & 9)

o Item Definition

o Asset and Threat Scenario Identification

o Impact Rating

o Attack Path Analysis and Attack Feasibility Rating

o Risk Value Determination

o Cybersecurity Assurance Levels (CALs)

o Risk Treatment Decision

o Breakout Exercise 3: Perform a TARA

o Cybersecurity Goals and Cybersecurity Claims

o Cybersecurity Concept

Day Two

· Product Development Phase (Clauses 10 and 11)

o Product Development and Cybersecurity Controls Design

o Refined Cybersecurity Requirements and Architectural Design

o Integration and Verification Activities

· Post-Development Phases (Clauses 12, 13 and 14)

o Overview of Production Phase

o Operations and Maintenance

o End of Cybersecurity Support and Decommissioning

· Continual Cybersecurity Activities (Clause 8)

o Cybersecurity Monitoring

o Criteria for Triage

o Cybersecurity Event Evaluation

o Vulnerability Analysis and Management

o Breakout Exercise 4: Develop Cybersecurity Plans (Continual Cybersecurity Activities and Incident Response)

· Distributed Cybersecurity Activities (Clause 7)

o Distributed Development

o Supplier Capability

o Request for Quotation

o Alignment of Responsibilities

Who Should Attend

This course is designed for managers, engineers, and new product development support personnel.

Course Materials

Each participant will receive a seminar manual including breakout exercises and case studies.

Note: Omnex does not provide copies of standard(s) during training courses, but clients are encouraged to have their own copy.

Pre-Requisite

Participants should have a working knowledge of their organization’s New Product Development Process.

Upcoming Training

The ISO/SAE 21434 Overview for Safety Engineers and Managers program is available in multiple locations globally, including the USA, Canada, Mexico, India, Europe, Thailand, Singapore, the Middle East and China.