Automotive cybersecurity is of growing concern for the entire automotive industry. It is a must-have today, because systems are interconnected, and in one way or the other open for external penetration. Even worse, security directly impacts functionality, user experience and safety, and thus has become subject to product liability. For instance, functional safety is not feasible without a concise approach to cover security.
"Outstanding level of expertise in cybersecurity."
- Michael Prantke, Panasonic
"High practical orientation, concrete personalized action list throughout the entire seminar."
- T. Strauch, Siemens
Security gains has become a key challenge across industries. More and more systems are networked and are attacked. Absolute security does not exist, but you can effectively protect. Our training is the introduction and implementation of risk-based cybersecurity in practice. The following questions are addressed:
How to identify security objectives?
How do I assess the security on the basis of basic methods like TARA (Threat and Risk Analysis)
How can a security objective be deduced from that?
What are the typical threats?
Since there can be no absolute cybersecurity, the focus of the training is on a risk-based approach and on the necessary consistent methodology.
Three different, yet related, approaches will be described in detail, namely:
Product, that is cybersecurity at the system level
Process, covering the implementation of security concepts in the entire life-cycle
Field, that is cybersecurity applicable after-sales activities
This training provides an introduction to the fundamentals and best practices of cybersecurity engineering based on ISO 21434. It introduces Cybersecurity organization and management as well as basic techniques for specification, analysis, testing of Cybersecurity. Many practical examples from our worldwide projects will emphasize how to implement cybersecurity focused culture inside your company and at reasonable cost. Examples include the full set of methods, such as TARA, but also concrete case studies such as over-the-air (OTA) software upgrades.
Introduction, Terminology and Cybersecurity foundations for automotive applications
Overall Cybersecurity Management: Focus on the organization
Project dependent Cybersecurity Management: Responsibilities, plan and case
Continuous Cybersecurity Activities: monitoring, assessment and vulnerability analysis
Security Standards (e.g., SAE-J3061-2016, ISO-SAE-21434), legal obligations and governance
Risk Assessment Methodology: Threat analysis and risk assessment (TARA)
Practical Experience with an example exercise that includes TARA and security engineering: from Asset identification to Security concept
Efficient implementation of security in the lifecycle from the security assets to the risk analysis to the consistent implementation throughout the entire lifecycle
Concept phase including an overview of current state of the art Cybersecurity controls (e.g. Secure Boot and SecOC)
Security by Lifecycle: Verification, Validation and Life-Cycle Management
Cybersecurity Testing: Pentesting and Fuzztesting with practical experience and hands-on case studies
Post development processes: Cybersecurity incident Response and Updates
Additional bonus: The widely used assessment tool COMPASS is presented. You will receive a demo version with full functionality for your own entries.
Breaks: Coffee/Tea around 10:30 and 15:00; lunch break around 12:00.
1000 € plus VAT (2 days)
Admission price includes full documentation on paper and as PDF and also our Vector book on "Automotive Embedded Engineering" with lots of best practices, project experiences and state of the art technology. Naturally, all participants benefit from our rich coffee breaks and a quality lunch in our spectacular Vector restaurant. Each participant will receive a qualifying Vector certificate for this intensive training.
Get a 10% discount (can be combined):
for open online training until March 2021
if you register more than 2 participants of your company
if you book at least 60 days in advance
Full-time students receive a (non-combinable) discount of 70% (on presentation of a valid student card).
Assessment Tool COMPASS
Planning, Execution and Evaluation of Assessments, Audits and Analyses
COMPASS satisfies all requirements that are relevant to an efficient audit and analysis tool. These include support based on different maturity models, assessment methods and other checks, e.g. Threat and Risk Analysis.
From the prominent Vector Forum to our industry-focused trainings and workshops. Join us at Vector Consulting Services for in-depth knowledge, hands-on experience and important expertise. Take part in our events, expand your network and meet technology leaders all over the world.
Do you want to adapt this training to your own examples and challenges? Looking for a workout that delivers practical exercises adjusted to your environment? Then, we suggest that you have this training conducted in-house, where you can decide on focus, speed and the training schedule. We also offer dedicated crash courses for employees and management.
Language: German or English.
On request, we offer our inhouse trainings in Chinese, French, Korean and Turkish.
Engineers in product development, system and software engineers, security and safety engineers and managers, architects, engineering managers, project managers, purchasing, quality managers.
About our Trainers
Dr. Arnulf Braatz is a manager at Vector Consulting Services. Previously he worked as a project manager in development projects as well as a software architect. Dr. Braatz supports companies worldwide to improve their safety and security projects, development processes and change management. He works across industries in the field of engineering methods, system and IT architecture, requirements engineering, and to improve efficiency.
Youssef Rekik is a consultant and software developer at Vector Consulting Services. He is heavily involved in the development of security applications for smart connected embedded devices with focus on network security and communication technologies.
Prof. Dr. Christof Ebert is Managing Director of Vector Consulting Services GmbH. He supports companies worldwide in improving their product development and product strategy as well as in change management. He sits on various supervisory boards, is a professor at the University of Stuttgart and the Sorbonne in Paris, and the author of several renowned books. Twitter: @ChristofEbert.
Global Software and IT
A Guide to Distributed Development, Projects, and Outsourcing
"Global Software and IT" is the new book of Vector with experiences and guidance for distributed software and IT projects. This insightful book delivers proven strategies and practices for software development and IT sourcing on a global scale.