Abstract
The Automotive SPICE for Cybersecurity Assessor Course has been developed in Q4/2021 and launched in Jan. 2022. From 6th July 2022 onwards Automotive projects need to declare the coverage of cybersecurity norms (UNECE 155, UNECE 156, ISO 21434) for the homologation of the vehicles in the EU. All car makers request in their customer requirements documents the performance of a TARA (Cybersecurity Threat and Risk Analysis) and all ASPICE assessments for cybersecurity need to evaluate the capability of the process MAN.7 Risk management for Cybersecurity. The Base Practices of MAN.7 are related to the steps of performing and tracking a TARA. In the EU project CyberENG a training for cybersecurity managers and cybersecurity assessors is currently developed which explains how such a TARA is performed and what steps and attributes need to be considered. For the development of the iNTACS ASPICE for cybersecurity assessor training the SOQRATES group contributed practical examples for MAN.7, and SEC.1 to SEC.4 to the course development. This paper outlines how the TARA based on ISO 21434 and ASPICE for cybersecurity is structured and uses the example from the CyberENG project to explain it in practice.
Original language | English |
---|---|
Title of host publication | Systems, Software and Services Process Improvement |
Subtitle of host publication | 29th European Conference, EuroSPI 2022, Proceedings |
Editors | Murat Yilmaz, Paul Clarke, Richard Messnarz, Bruno Wöran |
Place of Publication | Cham |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 319-334 |
Number of pages | 16 |
ISBN (Print) | 9783031155581 |
DOIs | |
Publication status | Published - 2022 |
Event | 29th European Systems, Software and Services Process Improvement: EuroSPI 2022 - Salzburg, Austria Duration: 31 Aug 2022 → 2 Sept 2022 Conference number: 29 https://conference.eurospi.net/index.php/en/ |
Publication series
Name | Communications in Computer and Information Science |
---|---|
Volume | 1646 CCIS |
ISSN (Print) | 1865-0929 |
ISSN (Electronic) | 1865-0937 |
Conference
Conference | 29th European Systems, Software and Services Process Improvement |
---|---|
Abbreviated title | EuroSPI 2022 |
Country/Territory | Austria |
City | Salzburg |
Period | 31/08/22 → 2/09/22 |
Internet address |
Keywords
- Cybersecurity assessment
- Cybersecurity threat and risk analysis
- MAN.7 risk management for Cybersecurity
- TARA
ASJC Scopus subject areas
- Computer Science(all)
- Mathematics(all)