This training is conducted in partnership with Kugler Maag.
TARA IN PRACTICE (AUTOMOTIVE)
In this training you will gain both theoretical and practical knowledge of TARA, the designated risk assessment method of the ISO/SAE 21434 international standard. In the automotive industry, this ISO standard expects companies developing electronic systems to perform TARA multiple times throughout the entire vehicle or product lifecycle. According to ISO/SAE 21434, Clause 8, each risk assessment is done in seven consecutive steps. This requirement – performing TARA on a regular basis and in a controlled manner – makes TARA the pivotal point of cybersecurity-oriented processes.
Content of training:
- Motivation, Terms and Definitions
- Overview on Clause 8: Cybersecurity Risk Assessment Method
- 9 steps provided by ISO/SAE 21434
- Detailed Walkthrough
- Starting with clause 9: item definition
- Performing a TARA step by step
- Derive Cybersecurity Goals
- Derive Cybersecurity Requirements and their allocation to get the cybersecurity concept
- Summary and Wrap Up
The training will be conducted using MS tools such as PowerPoint and Excel. Each step of creating the TARA will be documented in a prepopulated Excel-based TARA template. This template includes capturing checklists and guidance, to name just a few features. At the end of the training you will have the detailed Excel TARA sheet at your disposal, including sample entries to complete the TARA.
For each step in creating the TARA, we will use further material to bridge the knowledge gap between the mere ISO/SAE 21434 requirements and practical implementations.
The documents and methods explained and used during the course to support the creation of the TARA are: MS STRIDE, ENISA, NIST, MITRE, UNECE, ISO 26262, ATA.
Those employees who:
- need to perform TARA by themselves during their development projects.
- want to instruct their colleagues on how to perform risk analyses regularly.
- will be responsible for cybersecurity tasks in the future.
Objectives and results
- Be familiar with the Risk Assessment Method of ISO/SAE DIS 21434, Clause 8, the risk-based approach to threat analysis
- Learn how to rate different impact categories, attack feasibility and risk value, and which of the options we recommend
- Know which additional external sources and methods can be used besides the standard
- Hear about further guidelines and additional sources of information, such as ENISA, UNECE, MS STRIDE, …
- Learn how to apply Clause 8 to benefit from TARA within Clause 9, Concept Phase
- Be familiar with the detailed Excel-based TARA template provided in this course
- Experience how this tool is used stepwise in a case study
- Learn how to moderate a TARA session with the assistance of the Excel tool