Product Security Incident Response Team (PSIRT) Overview – Video Course
This video course will provide you with a background history of PSIRT and enable you to recognize its importance for automotive organizations. Moreover, after completing the video course you will be able to understand the different PSIRT operation models, as well as its structured and all related activities and service areas based on state of the art procedures and methodologies.
Learn why and how correct PSIRT implementation leads to correct security incidents and vulnerabilities handling
Cyberattacks have been on the rise for decades. However, cyberattacks in the automotive industry has been on the rise since the previous decade. This is where the PSIRT framework becomes relevant for automotive organizations. In this “Product Security Incident Response Team PSIRT Overview” video course, you will get to know the PSIRT framework historical background, its importance, operation models, and structure.
Before we jump into the details of the PSIRT Framework, we will first provide you with background history on the events that led to the creation of the PSIRT framework. Moreover, we will highlight how the automotive industry has been affected by cyberattacks over the previous year, the importance of implementing the PSIRT framework in your organization, and how it can complement the Cybersecurity Management System (CSMS).
Once you understand what the PSIRT framework is and recognize its importance, we will continue to introduce the different PSIRT operating model proposed by the framework: distributed model, centralized model, and hybrid model. While you get a detailed explanation for each model, you will learn how each model fits different organizations based on various factors and what should be considered when selecting one.
Next, we will take a deep dive into the structure of PSIRT, related activities, and service areas including operational foundation, stakeholder ecosystem management, training and education, vulnerability discoveries, vulnerability triage and analysis, remediation, and vulnerability disclosure.
At last, we will provide you with an example of PSIRT usage in the automotive industry including the contained service areas, as well as how it relates or supports CSMS and SUMS processes.
Who the „Product Security Incident Response Team (PSIRT) Overview“ video course is made for
Professionals involved in automotive cybersecurity
Besides the implementation of a Cybersecurity Management System (CSMS), implementing the PSIRT framework in your organization helps handle security incidents and vulnerabilities. Therefore, learning about the PSIRT operation models and how it is structured, is highly beneficial for anyone involved in automotive cybersecurity.
All professionals in the organization
Perhaps you are not directly involved with automotive cybersecurity, but you are responsible for budgeting, forming teams, or allocating resources. In this video course, you will not only learn about the relevance of forming a capable PSIRT team, but also about the operational foundation service area that needs to be established at the organizational level.
Product Security Incident Response Team (PSIRT) Overview video course content
In this section, we will define the contents of the video course, the importance of PSIRT, and the learning objectives.
II. Background
Learn what FIRST is and what its background is, as well as the series of events that led to the creation of the PSIRT framework.
III. Why is it important?
Recognize the importance of preparing for incidents based on the prevalence of cyberattacks in the automotive industry, as well as how exactly the PSIRT framework supports organizations.
IV. PSIRT Operation models
Understand the different PSIRT models including distributed, centralized, and hybrid models. An explanation and recommendations will be provided for each.
V. PSIRT Structure
Get an overview of the PSIRT structure, how each of them help define the inner workings of the PSIRT, and introduce the service areas including the operational foundation and vulnerability discovery.
VI. Operational foundation
Get a more detailed explanation on the PSIRT’S operational foundation, including what components it describes and how they are classified.
VII. Stakeholder ecosystem management
Learn what the stakeholder ecosystem management PSIRT’s service area describes, as well as important considerations.
Comprehend the importance of providing trainings and education, in addition to key considerations to keep in mind.
IX. Vulnerability Discovery
Here, you will learn what the vulnerability discovery service area describes, what must be collected, and how it supports vulnerability management.
X. Vulnerability Triage and Analysis
Understand the purpose of vulnerability triage and analysis, as well as recommendations for handling triage and further considerations.
XI. Remediation
Know the objective of the remediation service area, what it should include, and how it should be determined.
XII. Vulnerability disclosure
Recognize the importance of the vulnerability disclosure, how it is formed, and important considerations.
XIII. Example on PSIRT usage within the automotive industry
Get a visual overview of the PSIRT function in the automotive industry, considering the aforementioned steps and service areas, as well as how it is related to CSMS and SUMS processes.
XIV. Product Security Incident Response Team (PSIRT) Overview – Sum up
Get a summary of the main lessons learned during this Product Security Incident Response Team (PSIRT) video course.
More video courses related to Product Security Incident Response Team (PSIRT) Overview
Cybersecurity Requirements for Post-Development In Vehicles
Cybersecurity requirements for post-development are demanded by UN R155 and ISO/SAE 21434:2021. Learn the main considerations in this video course.
Production Control Plan for Cybersecurity in Vehicle Manufacturing
Know what the pre-requirements and specific contents of the Production Control Plan are. Learn about this major work product with this video course.
Release for Post-Development Report
Learn about the release for post development report as a work product for ISO/SAE 21434:2021 and UN Regulation No. 155. Watch video course.
Communication and Stakeholder Management
In this video course, you will learn about how to approach communication and stakeholder management in vehicle cybersecurity as required by ISO/SAE 21434:2021.
Cybersecurity Monitoring and Event Evaluation
Understand what cybersecurity monitoring and event evaluation is based in the cybersecurity continual activities framework. Watch video course.
Product Security Incident Response Team (PSIRT) Overview
In this video course, you will learn exactly all the Product Security Incident Response Team or PSIRT service areas, their purpose, and contents.
Cybersecurity Incident Response Plan
Learn what a cybersecurity incident response plan is and what it should contain to comply with ISO/SAE 21434 in this video course.
Vulnerability Analysis for Vehicle Cybersecurity
Learn what is the cybersecurity vulnerability analysis in continual cybersecurity activities and as required by the ISO/SAE 21434. Also, learn how to correctly decide a course of action to treat a vulnerability.
Cybersecurity Case as ISO/SAE 21434 Work Product
Learn how to create a cybersecurity case, which is a work product of ISO/SAE 21434. In this video course, you will also get lessons learned from real projects.
Supplier Selection Process in Automotive
Learn about the supplier selection process in automotive and which cybersecurity capabilities should be followed to comply with ISO/SAE 21434 and other automotive cybersecurity standards and regulations.
Cybersecurity Interface Agreement as required ISO/SAE 21434 work product
Learn how to build the structure of the Cybersecurity Interface Agreement as required by ISO/SAE 21434. Template incl. in this 7 min video course.
Cybersecurity plan in automotive: what it is and how it is structured
Learn what is a cybersecurity plan in automotive and what aspects are required by ISO/SAE 21434 in this short video course and sample plan.
Tool Management according to ISO/SAE 21434
Understand why tool management is crucial and what is required from the ISO/SAE 21434 standpoint, while taking ISO 26262 as a base to define the tool management methods.
Managing Cybersecurity at Organizational Level Summary
Get an overview on managing cybersecurity at the organizational level as for ISO/SAE 21434 and required work products. Watch video course.
Cybersecurity Audits and Assessments in Automotive
Learn more about automotive cybersecurity audits and assessments in this video course. Get a glimpse on how ISO/PAS 5112, ASPICE, VDA QMC ACSMS can support you to audit and assess along the ISO/SAE 21434 and UN R155.
Competence Management in Vehicle Cybersecurity
Learn how competence management according to ISO/SAE 21434 can be achieved and recognize the negative consequences of ignoring it.
Cybersecurity Policy Rules and Processes
The cybersecurity policy is a requirement for ISO/SAE 21434 and UN Regulation No 155. Learn about it on this video course.
Cybersecurity Culture in Automotive
Building cybersecurity culture is a requirement for ISO/SAE 21434 and an important component that benefits organizations.
Understanding the Impact of Cybersecurity in Project Lifecycle
Learn how to manage and plan cybersecurity in the project lifecycle and understand the possible negative consequences if ignored.
Distributed Development In Automotive
Learn how distributed development enables successful projects in automotive and meet ISO/SAE 21434 expectations.
The Importance of Including Cybersecurity in Project Management Activities
In this video you will learn how important is to include Cybersecurity in Project Management activities to ensure project success.
