Automotive Risk Assessment - Observations | Experiences | Lessons Learned


If you would like to know more about ASRG, see our quick introduction (Intro to ASRG), visit our webpage at https://www.asrg.io, or contact us directly.


PRESENTATION:

Automotive Risk Assessment according to ISO/SAE 21434 (TARA) is briefly described. While the ISO/SAE standard describes the method step by step in section 15, in practice additional information/experience has to be included for implementation.
Several real-world examples will be presented in the session (e.g., leveling TARAs, threat modeling, …).
After conducting several TARAs, audits of risk assessment processes and technical assessments at different customers (OEM, Tier-x, …), a collection of observations and lessons learned will be presented. Among others:
– Good starting points (architecture matters)
– Level of abstraction
– Mechanisms for pre-filtering
Guidance for increasing risk assessment utility and effectiveness is presented. A real-world example of the increasing complexity of a TARA is presented. The risk assessment process for component and function-based risk assessments is described.
Other challenges are mentioned.
As an outlook, interfaces between HARA and TARA are briefly highlighted.

PRESENTER:
Thomas Liedtke
Principal at Kugler Maag Cie
  / thomas-liedtke-72a86b4a  

Principal consultant @ Kugler Maag Cie
Leader in the expert area Cybersecurity
Certified Information Security and certified Privacy Commissioner
Member of the ISO mirror group defining ISO/SAE 21434 and ISO/PAS 5112
Member of the intacs advisory board and leader of the intacs Automotive SPICE for Cybersecurity working group
Certified auditor for management systems
Certified ISMS auditor
Working in functional safety, cybersecurity, and privacy

PRESENTATION SLIDES: https://garage.asrg.io/events/automot...
