Risk Determination and Treatment in automotive – Video course
In this last video course of our Cybersecurity Risk Assessment chapter, you will learn about the last two steps of the TARA: risk determination and risk treatment. We will provide a thorough explanation of how risk determination is executed. Additionally, you will learn how to make the right risk treatment decisions, as recommended by ISO/SAE 21434.
Prioritize Properly with the Right Risk Determination and Treatment Decisions
After defining all the cybersecurity assets, threat scenarios, and their likelihood of actually happening, it is necessary to have a process and structured approach to deal with risks. Therefore, the risk determination and treatment decisions are needed in the TARA process. In this video course, “Risk Determination and Treatment Decisions”, we will go over these last two steps to complete the CYRES Academy Cybersecurity Risk Assessment chapter.
To start with, we will introduce what risk determination is, what its purpose is, and how it is done using the previously defined outputs: the impact rating and the attack feasibility values defined in the attack path and feasibility analysis. Moreover, we will introduce the risk matrix recommended by ISO/SAE 21434 and explain the values that should be assigned. This determines how much attention a risk should get.
Afterwards, we will introduce the next and final step, the risk treatment. First, you will get an overview of the different risk treatment approaches recommended by ISO/SAE 21434 including retention, mitigation, avoidance, and sharing. Finally, we will also highlight when sharing is a suitable treatment in the context of the automotive industry.
Why the Risk Determination and Treatment video course is important
Get the final picture of the TARA
With the last two pieces of the puzzle in place, you will finally complete the overall TARA process and the CYRES Academy Cybersecurity Risk Assessment chapter. By the end of this video, you will know all the contents of the TARA as a whole and in accordance with ISO/SAE 21434.
Learn how to treat risks right
After completing this video course and chapter, you will not only have learned about the main TARA activities and the inputs and outputs required by ISO/SAE 21434. You will also know how to prioritize risks correctly and make the right treatment decisions.
Risk Determination and Treatment – Video course content
Find out in this section what you will learn during this video course and what value it has to offer.
II. ISO/SAE 21434 Risk Assessment Process
As usual in the cybersecurity risk assessment video courses, we will highlight where the risk determination takes place in the overall TARA process and the goal for this step.
III. Risk determination
Get to know what risk determination is in the context of ISO/SAE 21434 and how the impact rating and attack feasibility values of the Attack Analysis and Feasibility Analysis are taken into account using a risk matrix. An example is included, where the values for the attack feasibility rating are explained.
Going back to the overall TARA process, we will explain the concept of risk treatment and the corresponding treatment decisions.
V. Risk treatment: a closer look
Get a detailed explanation of each of the previously defined risk treatments and how each of them is made and handled. Plus, we will provide ISO/SAE 21434 recommendations and requirements.
VI. Risk Determination and Treatment – Sum Up
Here, we will provide a summary of the main points learned during this video course in bullet points.