Automotive SPICE for Cybersecurity - MAN.7 Cybersecurity Risk Management and TARA

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61989100%3A27240%2F22%3A10250476" target="_blank" >RIV/61989100:27240/22:10250476 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007/978-3-031-15559-8_23" target="_blank" >https://link.springer.com/chapter/10.1007/978-3-031-15559-8_23</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-15559-8_23" target="_blank" >10.1007/978-3-031-15559-8_23</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Automotive SPICE for Cybersecurity - MAN.7 Cybersecurity Risk Management and TARA

Popis výsledku v původním jazyce

The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

Název v anglickém jazyce

Automotive SPICE for Cybersecurity - MAN.7 Cybersecurity Risk Management and TARA

Popis výsledku anglicky

The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Communications in Computer and Information Science. Volume 1646

ISBN

978-3-031-15558-1

ISSN

1865-0929

e-ISSN

1865-0937

Počet stran výsledku

16

Strana od-do

319-334

Název nakladatele

Springer

Místo vydání

Cham

Místo konání akce

Salzburg

Datum konání akce

31. 8. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—