TÜV Nord ISO 21434 CSCAE 

Cybersecurity Management during Product Engineering (Cyber Physical Systems) 

We will show objectives and requirements for a project dependent cybersecurity management including examples in correlation with overall cybersecurity management.

Further, the interaction with Functional Safety will be explained. Ongoing activities like cybersecurity monitoring, event management, vulnerability analysis and management will be discussed. Nevertheless, examples how to achieve goals for continuous cybersecurity activities will be delivered.

Introduction to TARA (Threat Analysis and Risk Assessment) and introduction to cybersecurity analysis methods, like attack tree analysis and others. You will also get familiar with valuation tables for attack feasibility and estimation of damage, the creation of a risk matrix, parameter and content of attack feasibility, and different terms like damage scenario, threat scenario, and attack path. Examples of performing a TARA are given. The different steps of the risk analysis will be illustrated with exercises.

Verification, Security Testing and Validation of CPSs and Measures after SOP Activities

An important requirement for any cyber physical system is the effectiveness and security of the design and implemented techniques, measures and controls.

We call special attention to verification and testing methods and address techniques like penetration testing and other methods in context of communication systems and other interesting system parts. The training contains examples and strategies on how to analyze finding and using them during testing to improve optimization of the system, hardware and software design further to develop validation strategies and techniques.