Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA

Richard Messnarz; Damjan Ekert; Georg Macher; Svatopluk Stolfa; Jakub Stolfa; Alexander Much

doi:10.1007/978-3-031-15559-8_23

Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA

Richard Messnarz^*, Damjan Ekert, Georg Macher, Svatopluk Stolfa, Jakub Stolfa, Alexander Much

^*Korrespondierende/r Autor/-in für diese Arbeit

Institut für Technische Informatik (4480)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6^th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

Originalsprache	englisch
Titel	Systems, Software and Services Process Improvement
Untertitel	29th European Conference, EuroSPI 2022, Proceedings
Redakteure/-innen	Murat Yilmaz, Paul Clarke, Richard Messnarz, Bruno Wöran
Erscheinungsort	Cham
Herausgeber (Verlag)	Springer Science and Business Media Deutschland GmbH
Seiten	319-334
Seitenumfang	16
ISBN (Print)	9783031155581
DOIs	https://doi.org/10.1007/978-3-031-15559-8_23
Publikationsstatus	Veröffentlicht - 2022
Veranstaltung	29th European Systems, Software and Services Process Improvement & Innovation Conference 2022: EuroSPI 2022 - Salzburg, Österreich Dauer: 31 Aug. 2022 → 2 Sept. 2022 Konferenznummer: 29 https://conference.eurospi.net/index.php/en/

Publikationsreihe

Name	Communications in Computer and Information Science
Band	1646 CCIS
ISSN (Print)	1865-0929
ISSN (elektronisch)	1865-0937

Konferenz

Konferenz	29th European Systems, Software and Services Process Improvement & Innovation Conference 2022
Kurztitel	EuroSPI 2022
Land/Gebiet	Österreich
Ort	Salzburg
Zeitraum	31/08/22 → 2/09/22
Internetadresse	https://conference.eurospi.net/index.php/en/

ASJC Scopus subject areas

Allgemeine Computerwissenschaft
Allgemeine Mathematik

Zugriff auf Dokument

10.1007/978-3-031-15559-8_23

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

Dieses zitieren

Messnarz, R., Ekert, D., Macher, G., Stolfa, S., Stolfa, J., & Much, A. (2022). Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA. in M. Yilmaz, P. Clarke, R. Messnarz, & B. Wöran (Hrsg.), Systems, Software and Services Process Improvement : 29th European Conference, EuroSPI 2022, Proceedings (S. 319-334). (Communications in Computer and Information Science; Band 1646 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-15559-8_23

Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA. / Messnarz, Richard; Ekert, Damjan; Macher, Georg et al.
Systems, Software and Services Process Improvement : 29th European Conference, EuroSPI 2022, Proceedings. Hrsg. / Murat Yilmaz; Paul Clarke; Richard Messnarz; Bruno Wöran. Cham: Springer Science and Business Media Deutschland GmbH, 2022. S. 319-334 (Communications in Computer and Information Science; Band 1646 CCIS).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Messnarz, R, Ekert, D, Macher, G, Stolfa, S, Stolfa, J & Much, A 2022, Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA. in M Yilmaz, P Clarke, R Messnarz & B Wöran (Hrsg.), Systems, Software and Services Process Improvement : 29th European Conference, EuroSPI 2022, Proceedings. Communications in Computer and Information Science, Bd. 1646 CCIS, Springer Science and Business Media Deutschland GmbH, Cham, S. 319-334, 29th European Systems, Software and Services Process Improvement & Innovation Conference 2022, Salzburg, Österreich, 31/08/22. https://doi.org/10.1007/978-3-031-15559-8_23

Messnarz R, Ekert D, Macher G, Stolfa S, Stolfa J, Much A. Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA. in Yilmaz M, Clarke P, Messnarz R, Wöran B, Hrsg., Systems, Software and Services Process Improvement : 29th European Conference, EuroSPI 2022, Proceedings. Cham: Springer Science and Business Media Deutschland GmbH. 2022. S. 319-334. (Communications in Computer and Information Science). doi: 10.1007/978-3-031-15559-8_23

Messnarz, Richard ; Ekert, Damjan ; Macher, Georg et al. / Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA. Systems, Software and Services Process Improvement : 29th European Conference, EuroSPI 2022, Proceedings. Hrsg. / Murat Yilmaz ; Paul Clarke ; Richard Messnarz ; Bruno Wöran. Cham : Springer Science and Business Media Deutschland GmbH, 2022. S. 319-334 (Communications in Computer and Information Science).

@inproceedings{873583d23d7441f3adb50fab06557929,

title = "Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA",

abstract = "The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.",

keywords = "Cybersecurity assessment, Cybersecurity threat and risk analysis, MAN.7 risk management for Cybersecurity, TARA",

author = "Richard Messnarz and Damjan Ekert and Georg Macher and Svatopluk Stolfa and Jakub Stolfa and Alexander Much",

note = "Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 29th European Systems, Software and Services Process Improvement : EuroSPI 2022, EuroSPI 2022 ; Conference date: 31-08-2022 Through 02-09-2022",

year = "2022",

doi = "10.1007/978-3-031-15559-8_23",

language = "English",

isbn = "9783031155581",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "319--334",

editor = "Murat Yilmaz and Paul Clarke and Richard Messnarz and Bruno W{\"o}ran",

booktitle = "Systems, Software and Services Process Improvement",

address = "Germany",

url = "https://conference.eurospi.net/index.php/en/",

}

TY - GEN

T1 - Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA

AU - Messnarz, Richard

AU - Ekert, Damjan

AU - Macher, Georg

AU - Stolfa, Svatopluk

AU - Stolfa, Jakub

AU - Much, Alexander

N1 - Conference code: 29

PY - 2022

Y1 - 2022

N2 - The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

AB - The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.

KW - Cybersecurity assessment

KW - Cybersecurity threat and risk analysis

KW - MAN.7 risk management for Cybersecurity

KW - TARA

UR - http://www.scopus.com/inward/record.url?scp=85137985749&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-15559-8_23

DO - 10.1007/978-3-031-15559-8_23

M3 - Conference paper

AN - SCOPUS:85137985749

SN - 9783031155581

T3 - Communications in Computer and Information Science

SP - 319

EP - 334

BT - Systems, Software and Services Process Improvement

A2 - Yilmaz, Murat

A2 - Clarke, Paul

A2 - Messnarz, Richard

A2 - Wöran, Bruno

PB - Springer Science and Business Media Deutschland GmbH

CY - Cham

T2 - 29th European Systems, Software and Services Process Improvement

Y2 - 31 August 2022 through 2 September 2022

ER -

Automotive SPICE for Cybersecurity – MAN.7 Cybersecurity Risk Management and TARA

Abstract

Publikationsreihe

Konferenz

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Dieses zitieren