Performing a Cybersecurity Threat Analysis and Risk Assessment

SAE J3061 sets out a recommended cybersecurity engineering process framework for organizations developing cyber physical systems. One of the recommendations of this framework is to carry out a threat analysis and risk assessment early in the product development. A threat analysis identifies and models the relevant threats against assets, and a risk assessment classifies the impact and likelihood associated with each threat. The approach enables the prioritization of risks and appropriate risk treatment measures to be determined in subsequent development phases.

This live, online course, delivered in three, two-hour sessions, provides participants with the knowledge of appropriate methods to carry out threat analysis and risk assessment for the development of a typical vehicle feature.

What Will You Learn

By participating in this web seminar, you will be able to:
  • Identify relevant threats
  • Carry out threat modelling
  • Create attack tree analyses
  • Develop risk assessment
  • Determine Cybersecurity Assurance Levels and Security Goals

Is This Course For You

To get full benefit from the course, participants should have prior knowledge and experience of J3061; Participation in Keys to Creating a Cybersecurity Process from the J3061 Framework, (ID# WB1604) or equivalent training/experience is strongly recommended.

Materials Provided

This data is not available at this time

Course Requirements

*Global toll-free telephone numbers are provided for many countries outside the U.S., but are limited to those on the WebEx call-in toll-free number list. Check here to see if your country has a global call-in toll free telephone number for this web seminar. If your country is not listed, you may still connect using the US/Canada Call-in toll number or Voice over Internet Protocol (VoIP).

Although WebEx Training Manager will automatically launch when you join the web seminar, you or your system administrator are encouraged to download the plug-in in advance to help ensure successful setup. Click here, then follow the onscreen instructions.

Topics

Session 1
  • Introduction
  • Threat Analysis
    • Threat identification
    • Threat modeling
    • Attack trees
    • Exercise 1: Threat Analysis
Session 2
  • Risk Assessment
    • Severity classification
    • Likelihood classification
    • Exercise 2: Risk Assessment
Session 3
  • Assurance Levels and Cybersecurity Goals
    • Determining the assurance level
    • Developing cybersecurity goals
  • Worked Example: Cybersecurity Goals
  • Summary