ISO21434 Automotive Cyber Security Red Belt Certification
Course Identifier: e31-001
During the two-day training program you will become familiar with relevant cyber security terminology and activities, gain an excellent understanding of the ISO21434 standard, and learn to apply your new knowledge and skills within the practice of your own organization.
On the third day, an optional final exam can verify and demonstrate your new skills.
Our course is structured top-down, allowing trainees to book one or multiple days tailored to their needs. However, the exam on the third day requires that the trainee has attended all training days (1 to 2).
Agenda
Day 1 – ISO21434 – Introduction to general cyber security and CSMS
Introduction to general cyber security
- Trends & threats
- Primitives
- Principles
- Technologies and algorithms
ISO21434 Overview
- Alignment with FuSa (ISO26262)
- Purposes
- Framework
Overall Cyber Security Management (Clause 5)
- Governance
- Culture
- Risk Management
- Audit
- Information sharing
- QMS / ISMS
Project dependent Cyber Security Management (Clause 6)
- Tailoring of activities
- Reuse / Component out of context / COTS
- CS Planning
- CS Case
- Release for post-development
Continuous CS activities (Clause 7)
- CS monitoring
- CS event assessment
- Vulnerability analysis / management
Distributed CS activities (Clause 15)
- Supplier capabilities
- Request for Quotations
- Cybersecurity Interface Agreement for Development (CIAD)
Day 2 – ISO21434 – Applying the standard from the concept phase to the decommissioning
Risk Assessment Methods (Clause 8)
- Asset Identification
- Threat scenario identification
- Impact analysis
- Attack path analysis
- Attack Feasibility Analysis
- Risk Determination
- Risk Treatment
Concept Phase (Clause 9)
- CS Relevance
- Item Definition
- Threat Analysis and Risk Assessment (TARA)
- CS Goals
- CS claims
- CS Concept
- Cybersecurity Assurance Levels (CAL)
Product Development (Clause 10-11)
- Introduction to Design / specification activities
- Cyber security requirements (incl. SW-specific ones)
- Secure Hardware (principles, technologies examples…)
- Secure SW principles (principles, technologies examples…)
- Introduction to verification / integration activities
- Cybersecurity testing
- Validation at Vehicle Level & Release for Post-Development
Post-development phases (Clause 12-14)
- Production (Production control plan, intro to IEC62443…)
- Operation & Maintenance (Incident-response, updates…)
- Secure decommissioning
Training summary
Day 3 – Certification exam
The exam will be taken at the end of the course.
In case the individual trainee achieves a minimum of 75% of the total score he/she will receive a certificate valid for a period of 3 years.
In case of non-achievement of the minimum score he/she will receive a confirmation of participation.
Upon the agreement of the individual we publish his/her certificate and validity on our registry accessible through our website.
Please find our additional resources below: