Introduction to cybersecurity controls – video course
Learn what cybersecurity controls are, the important role they play in achieving cybersecurity requirements and goals, and which forms they may take. Additionally, you will learn what ISO/SAE 21434 recommends for selecting cybersecurity controls, which approaches are suggested, and how proper classification helps in selecting the right cybersecurity controls.
Know how to achieve cybersecurity requirements with the right cybersecurity controls and according to ISO/SAE 21434
In order to achieve cybersecurity requirements and goals, actions and measures must be implemented. This is where cybersecurity controls come into play. They may take various forms such as policies, procedures, plans, and more, about which you will learn in this video course.
We will start by defining cybersecurity controls in the context of automotive cybersecurity according to the well-known SAE J3061 and ISO/SAE 21434 standards. We will also give you the bigger picture on cybersecurity controls by drawing links between cybersecurity requirements, goals, and the cybersecurity concept.
Next, we will highlight the importance of selecting cybersecurity controls as required by ISO/SAE 21434 and introduce two approaches identified by NIST for cybersecurity controls selection: the baseline control selection approach and the organization-generated control selection approach. You will learn what both approaches involve, understand which situations they are best suited for, and get recommendations for each.
Additionally, since the options for cybersecurity controls are limitless, you will be able to recognize why classifying cybersecurity controls helps to narrow them down to a suitable subset, depending on the product development stage, for instance. We will also provide detailed explanations of approaches to select cybersecurity controls, including classification by control type, function, and abstraction layer.
Who our Introduction to Cybersecurity Controls video course is made for
For all professionals involved in automotive cybersecurity
Because cybersecurity controls can take any form, such as a plan, policy, procedure, technique, or even device design, it is essential that everyone involved in ensuring cybersecurity across the production line has a general understanding of their overall purpose and can select the right cybersecurity controls.
For everyone in the organization
Cybersecurity controls help companies protect their assets, so understanding them and how they might be implemented is in the best interest of everyone in the organization. This video course is therefore useful, as it provides a comprehensive introduction to the topic.
Introduction to Cybersecurity Controls – Video course content
Get to know the learning objectives of this video course and the importance of cybersecurity controls.
II. What are cybersecurity controls?
First, we will clarify how cybersecurity controls protect assets. Then we will provide examples for tangible and intangible assets, define cybersecurity controls according to SAE J3061 and ISO/SAE 21434, and present forms of cybersecurity controls.
III. Cybersecurity requirements and controls
Understand how cybersecurity requirements and controls are related. Know what cybersecurity requirements are, how they are derived and the purpose of cybersecurity controls. In addition, you will also learn how cybersecurity goals and the cybersecurity concept are related.
IV. Risk assessments as basis for selecting controls
Learn what ISO/SAE 21434 recommends about selecting cybersecurity controls with a risk-based cybersecurity engineering approach and which two main questions must be addressed to achieve this.
Get clarity on approaches to select cybersecurity controls as identified by NIST: the baseline control selection approach and the organization-generated control selection approach. We will explain and compare both approaches, and provide recommendations for each.
VI. Classification of cybersecurity controls
Understand the importance of cybersecurity controls classification and how classification changes according to the product development phase. Next, we will explain each of the following classification approaches: by control type, by control function, by abstraction layer.
Finally, we will recapitulate the main lessons learned in this introductory video course on cybersecurity controls.