TÜV Nord ISO 21434 CSCAE 

Day 1

Cybersecurity Management during Product Engineering (Cyber Physical Systems) 

We will show objectives and requirements for a project dependent cybersecurity management including examples in correlation with overall cybersecurity management.

Further, the interaction with Functional Safety will be explained. Ongoing activities like cybersecurity monitoring, event management, vulnerability analysis and management will be discussed. Nevertheless, examples how to achieve goals for continuous cybersecurity activities will be delivered.

Introduction to TARA (Threat Analysis and Risk Assessment) and introduction to cybersecurity analysis methods, like attack tree analysis and others. You will also get familiar with valuation tables for attack feasibility and estimation of damage, the creation of a risk matrix, parameter and content of attack feasibility, and different terms like damage scenario, threat scenario, and attack path. Examples of performing a TARA are given. The different steps of the risk analysis will be illustrated with exercises.

Days 2 and 3

Security Engineering - Security Development Lifecycle and Design Methods

The "security by design" principles that must be integrated into the entire development and product life cycle, starting with the initial idea to the achievement of the "end of life" of a product will be discussed. Further, we will discuss in detail the aspects of the cybersecurity engineering activities.

• Security Engineering Process for Embedded Systems
• Development of the Cybersecurity Concepts
• Technical Measures and Strategies implementing Cybersecurity in Embedded
• Systems covering HW and SW related Aspects
• System related Design Patterns
• Software Design Process in Cybersecurity of Embedded Systems
• Introduction to Cryptography for Embedded Systems
• Secure Communication
• Management of Tools and Confidence in Tools
• Introduction to Verification and Methods in Cybersecurity Engineering during Engineering

Day 4

Verification, Security Testing and Validation of CPSs and Measures after SOP Activities

An important requirement for any cyber physical system is the effectiveness and security of the design and implemented techniques, measures and controls.

We call special attention to verification and testing methods and address techniques like penetration testing and other methods in context of communication systems and other interesting system parts. The training contains examples and strategies on how to analyze finding and using them during testing to improve optimization of the system, hardware and software design further to develop validation strategies and techniques.