SlideShare a Scribd company logo

ISO21434_public2.pdf

M
MdZahirulIslamPhD

This document summarizes ISO/SAE 21434, which specifies requirements for cybersecurity risk management for road vehicles throughout their lifecycle. It defines a framework with four parts: (1) risk management, (2) product development, (3) operation/maintenance, and (4) an overview of processes and interdependencies. Each part addresses different phases like concept, design, and operation. The framework requires identifying assets, assessing vulnerabilities and threats, analyzing and treating risks, and information sharing. It applies to vehicles with electrical/electronic systems but does not prescribe specific cybersecurity technologies or solutions.

Engineering
1 of 10
Download to read offline
ISO / SAE 21434 Overview Christoph Schmittner
INTRO Scope, Structure
Road Vehicles - Cybersecurity Engineering ISO / SAE 21434 • Scope: This document specifies requirements for cybersecurity risk management for road vehicles, their components and interfaces, throughout engineering (e.g. concept, design, development), production, operation, maintenance, and decommissioning. A framework is defined that includes requirements for cybersecurity process and a common language for communicating and managing cybersecurity risk among stakeholders. This document is applicable to road vehicles that include electrical and electronic (E/E) systems, their interfaces and their communications. This document does not prescribe specific technology or solutions related to cybersecurity. 3 2017-10-30
4 2017-10-30 • 4 Part Groups • PG1 Risk Management • PG2 Product Development • PG3 Operation, Maintenance and other Processes • PG4 Process Overview and Interdependencies • Cross-PG Terms&Definition Group • Sub-PG Groups for specific topics or clauses • Threat Analysis • Concept Clause • Safety&Security interaction • Privacy consideration • All PGs are developing stand alone documents, but they could be integrated (number of parts could change) STRUCTURE
ISO 21434 Part content overview 5 2017-10-30
6 2017-10-30 ISO / SAE 21434 PG1 Cybersecurity Scoping Asset identification Vulnerability Assessment Threat Analysis Risk analysis Risk treatment Risk Management framework Information sharing Cybersecurity Assurance Level Asset Impact / CIA Profile Open Issues: Likelihood estimation
Concept phase System development phase Software development phase Hardware development phase Release for production Verification & Validation System integration and test ISO / SAE 21434 PG2
ISO / SAE 21434 PG3 Post Production Vehicle Lifecycle Production Monitoring during Operation Incident Handling Updates
ISO / SAE 21434 PG4 Bucket List Group Everything agreed but without a clear position Prozess / Organization:  Cybersecurity management across the organization  Cybersecurity incident management system  Management of identified vulnerabilities  Cybersecurity awareness and competence management  Interactions between security and functional safety  Example of a role model regarding cybersecurity Open Issues:  Development of a cybersecurity-related element out of context Project:  Project dependent cybersecurity management  Tailoring of the reference cybersecurity lifecycle  Cybersecurity planning  Cybersecurity audit  Cybersecurity assessment  Management of residual cybersecurity risk Distributed Development:  Evaluation of supplier capability  Engineering Interface Agreement
THANK YOU! Christoph Schmittner, 17.10.2017

Recommended

ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
Bryan Len
 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurity
Dominik Strube
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptx
Shriya Rai
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Incident Response
Incident ResponseIncident Response
Incident Response
MichaelRodriguesdosS1
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
AdaCore
 

Recommended

ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
Bryan Len
 
Understanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurityUnderstanding UNECE WP.29 regulations on cybersecurity
Understanding UNECE WP.29 regulations on cybersecurity
Dominik Strube
 
TARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptxTARA- Automotive Cybersecurity.pptx
TARA- Automotive Cybersecurity.pptx
Shriya Rai
 
NIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - MindmapNIST Cybersecurity Framework - Mindmap
NIST Cybersecurity Framework - Mindmap
WAJAHAT IQBAL
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
Tandhy Simanjuntak
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
Priyanka Aash
 
Incident Response
Incident ResponseIncident Response
Incident Response
MichaelRodriguesdosS1
 
MISRA C in an ISO 26262 context
MISRA C in an ISO 26262 contextMISRA C in an ISO 26262 context
MISRA C in an ISO 26262 context
AdaCore
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
Smart Grid Interoperability Panel
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEM
Siemplify
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
Ajit Wadhawan
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
Dr. Anish Cheriyan (PhD)
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) Whitepaper
Marc St-Pierre
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
Brencil Kaimba
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
Thanuja Seneviratne
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
Steppa Cyber Security
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
CMR WORLD TECH
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
Siemplify
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
mobile application security
mobile application securitymobile application security
mobile application security
-jyothish kumar sirigidi
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
The Basics of Automotive Ethernet Webinar Slidedeck
The Basics of Automotive Ethernet Webinar SlidedeckThe Basics of Automotive Ethernet Webinar Slidedeck
The Basics of Automotive Ethernet Webinar Slidedeck
teledynelecroy
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
Life Cycle Engineering
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
Eryk Budi Pratama
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 
Mynd company presentation
Mynd company presentationMynd company presentation
Mynd company presentation
Davide Enrico Arnoldi
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 

More Related Content

What's hot

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
Prime Infoserv
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
Smart Grid Interoperability Panel
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEM
Siemplify
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
Ajit Wadhawan
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
Dr. Anish Cheriyan (PhD)
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) Whitepaper
Marc St-Pierre
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
Brencil Kaimba
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
Thanuja Seneviratne
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
NCC Group
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
Steppa Cyber Security
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
Joey Hernandez
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
CMR WORLD TECH
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
Siemplify
 
Security architecture
Security architectureSecurity architecture
Security architecture
Duncan Unwin
 
mobile application security
mobile application securitymobile application security
mobile application security
-jyothish kumar sirigidi
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
The Basics of Automotive Ethernet Webinar Slidedeck
The Basics of Automotive Ethernet Webinar SlidedeckThe Basics of Automotive Ethernet Webinar Slidedeck
The Basics of Automotive Ethernet Webinar Slidedeck
teledynelecroy
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
Life Cycle Engineering
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
Eryk Budi Pratama
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
Sqrrl
 

What's hot (20)

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
 
Need Of Security Operations Over SIEM
Need Of Security Operations Over SIEMNeed Of Security Operations Over SIEM
Need Of Security Operations Over SIEM
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Cyber Security Threat Modeling
Cyber Security Threat ModelingCyber Security Threat Modeling
Cyber Security Threat Modeling
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) Whitepaper
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Cybersecurity - Overview
Cybersecurity - OverviewCybersecurity - Overview
Cybersecurity - Overview
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
A military perspective on cyber security
A military perspective on cyber securityA military perspective on cyber security
A military perspective on cyber security
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Building A Security Operations Center
Building A Security Operations CenterBuilding A Security Operations Center
Building A Security Operations Center
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
mobile application security
mobile application securitymobile application security
mobile application security
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
The Basics of Automotive Ethernet Webinar Slidedeck
The Basics of Automotive Ethernet Webinar SlidedeckThe Basics of Automotive Ethernet Webinar Slidedeck
The Basics of Automotive Ethernet Webinar Slidedeck
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 
Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)Building a Next-Generation Security Operations Center (SOC)
Building a Next-Generation Security Operations Center (SOC)
 

Similar to ISO21434_public2.pdf

Mynd company presentation
Mynd company presentationMynd company presentation
Mynd company presentation
Davide Enrico Arnoldi
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
Steve Arnold
 
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Kenji Taguchi
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Seungjoo Kim
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testing
Axel Rennoch
 
Safe & Sec Case Patterns (ASSURE 2015)
Safe & Sec Case Patterns (ASSURE 2015)Safe & Sec Case Patterns (ASSURE 2015)
Safe & Sec Case Patterns (ASSURE 2015)
Kenji Taguchi
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluation
Axel Rennoch
 
10 The Automotive Safety Confusion, Fredrik Törner.pdf
10 The Automotive Safety Confusion, Fredrik Törner.pdf10 The Automotive Safety Confusion, Fredrik Törner.pdf
10 The Automotive Safety Confusion, Fredrik Törner.pdf
Milin patel
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdf
VishalKashyap15069
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
Seungjoo Kim
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
James W. De Rienzo
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment Tools
IRJET Journal
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
David Sweigert
 
2017 ice - meeting safety-related software audits w video
2017 ice - meeting safety-related software audits w video2017 ice - meeting safety-related software audits w video
2017 ice - meeting safety-related software audits w video
M Kevin McHugh
 
Information Security Aspects of the Public Safety Data Interoperability Network
Information Security Aspects of the Public Safety Data Interoperability NetworkInformation Security Aspects of the Public Safety Data Interoperability Network
Information Security Aspects of the Public Safety Data Interoperability Network
Blaz Ivanc
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
Torben Haagh
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
Industrial Internet Consortium
 
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptx
AshishRanjan546644
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond
PROFIBUS and PROFINET InternationaI - PI UK
 

Similar to ISO21434_public2.pdf (20)

Mynd company presentation
Mynd company presentationMynd company presentation
Mynd company presentation
 
security_assessment_slides
security_assessment_slidessecurity_assessment_slides
security_assessment_slides
 
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
 
Application of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLCApplication of the Common Criteria to Building Trustworthy Automotive SDLC
Application of the Common Criteria to Building Trustworthy Automotive SDLC
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testing
 
Safe & Sec Case Patterns (ASSURE 2015)
Safe & Sec Case Patterns (ASSURE 2015)Safe & Sec Case Patterns (ASSURE 2015)
Safe & Sec Case Patterns (ASSURE 2015)
 
Towards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluationTowards a certification scheme for IoT security evaluation
Towards a certification scheme for IoT security evaluation
 
10 The Automotive Safety Confusion, Fredrik Törner.pdf
10 The Automotive Safety Confusion, Fredrik Törner.pdf10 The Automotive Safety Confusion, Fredrik Törner.pdf
10 The Automotive Safety Confusion, Fredrik Törner.pdf
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
operational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdfoperational-telecom-network-connected-pipeline-design-guide.pdf
operational-telecom-network-connected-pipeline-design-guide.pdf
 
Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment Tools
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
2017 ice - meeting safety-related software audits w video
2017 ice - meeting safety-related software audits w video2017 ice - meeting safety-related software audits w video
2017 ice - meeting safety-related software audits w video
 
Information Security Aspects of the Public Safety Data Interoperability Network
Information Security Aspects of the Public Safety Data Interoperability NetworkInformation Security Aspects of the Public Safety Data Interoperability Network
Information Security Aspects of the Public Safety Data Interoperability Network
 
Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
IIoT Endpoint Security
IIoT Endpoint Security IIoT Endpoint Security
IIoT Endpoint Security
 
framework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptxframework-version-1.1-overview-20180427-for-web-002.pptx
framework-version-1.1-overview-20180427-for-web-002.pptx
 
10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond10. industrial networks safety and security tom hammond
10. industrial networks safety and security tom hammond
 

Recently uploaded

digital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdfdigital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdf
drwaing
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
ClaraZara1
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
VICTOR MAESTRE RAMIREZ
 
spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
Madan Karki
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 
sieving analysis and results interpretation
sieving analysis and results interpretationsieving analysis and results interpretation
sieving analysis and results interpretation
ssuser36d3051
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
rpskprasana
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
nooriasukmaningtyas
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
Rahul
 
Wearable antenna for antenna applications
Wearable antenna for antenna applicationsWearable antenna for antenna applications
Wearable antenna for antenna applications
Madhumitha Jayaram
 
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
SyedAbiiAzazi1
 
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
University of Maribor
 
DfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributionsDfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributions
gestioneergodomus
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
KrishnaveniKrishnara1
 
Heat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation pptHeat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation ppt
mamunhossenbd75
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
MDSABBIROJJAMANPAYEL
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
kandramariana6
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
mahammadsalmanmech
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
ihlasbinance2003
 

Recently uploaded (20)

digital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdfdigital fundamental by Thomas L.floydl.pdf
digital fundamental by Thomas L.floydl.pdf
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
 
spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 
sieving analysis and results interpretation
sieving analysis and results interpretationsieving analysis and results interpretation
sieving analysis and results interpretation
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
 
A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...A review on techniques and modelling methodologies used for checking electrom...
A review on techniques and modelling methodologies used for checking electrom...
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
 
Wearable antenna for antenna applications
Wearable antenna for antenna applicationsWearable antenna for antenna applications
Wearable antenna for antenna applications
 
14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application14 Template Contractual Notice - EOT Application
14 Template Contractual Notice - EOT Application
 
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
 
DfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributionsDfMAy 2024 - key insights and contributions
DfMAy 2024 - key insights and contributions
 
22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt22CYT12-Unit-V-E Waste and its Management.ppt
22CYT12-Unit-V-E Waste and its Management.ppt
 
Heat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation pptHeat Resistant Concrete Presentation ppt
Heat Resistant Concrete Presentation ppt
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
 
132/33KV substation case study Presentation
132/33KV substation case study Presentation132/33KV substation case study Presentation
132/33KV substation case study Presentation
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
 

ISO21434_public2.pdf

  • 1. ISO / SAE 21434 Overview Christoph Schmittner
  • 3. Road Vehicles - Cybersecurity Engineering ISO / SAE 21434 • Scope: This document specifies requirements for cybersecurity risk management for road vehicles, their components and interfaces, throughout engineering (e.g. concept, design, development), production, operation, maintenance, and decommissioning. A framework is defined that includes requirements for cybersecurity process and a common language for communicating and managing cybersecurity risk among stakeholders. This document is applicable to road vehicles that include electrical and electronic (E/E) systems, their interfaces and their communications. This document does not prescribe specific technology or solutions related to cybersecurity. 3 2017-10-30
  • 4. 4 2017-10-30 • 4 Part Groups • PG1 Risk Management • PG2 Product Development • PG3 Operation, Maintenance and other Processes • PG4 Process Overview and Interdependencies • Cross-PG Terms&Definition Group • Sub-PG Groups for specific topics or clauses • Threat Analysis • Concept Clause • Safety&Security interaction • Privacy consideration • All PGs are developing stand alone documents, but they could be integrated (number of parts could change) STRUCTURE
  • 5. ISO 21434 Part content overview 5 2017-10-30
  • 6. 6 2017-10-30 ISO / SAE 21434 PG1 Cybersecurity Scoping Asset identification Vulnerability Assessment Threat Analysis Risk analysis Risk treatment Risk Management framework Information sharing Cybersecurity Assurance Level Asset Impact / CIA Profile Open Issues: Likelihood estimation
  • 8. ISO / SAE 21434 PG3 Post Production Vehicle Lifecycle Production Monitoring during Operation Incident Handling Updates
  • 9. ISO / SAE 21434 PG4 Bucket List Group Everything agreed but without a clear position Prozess / Organization:  Cybersecurity management across the organization  Cybersecurity incident management system  Management of identified vulnerabilities  Cybersecurity awareness and competence management  Interactions between security and functional safety  Example of a role model regarding cybersecurity Open Issues:  Development of a cybersecurity-related element out of context Project:  Project dependent cybersecurity management  Tailoring of the reference cybersecurity lifecycle  Cybersecurity planning  Cybersecurity audit  Cybersecurity assessment  Management of residual cybersecurity risk Distributed Development:  Evaluation of supplier capability  Engineering Interface Agreement