Cybersecurity plan in automotive: what it is and how it is structured
A cybersecurity plan is the central document for tracking all cybersecurity activities and their progress. Hence, knowing how it is structured, developed, and what aspects are required by ISO/SAE 21434 is essential for cybersecurity in the vehicle industry. This is exactly what you will learn during this short 13-minute video course, as well as what is the role of the cybersecurity plan during the concept and development phases.
Learn how to develop a cybersecurity plan as required by ISO/SAE 21434
Cybersecurity planning is crucial to achieve cybersecure products and, as already mentioned, to comply with ISO/SAE 21434. Undoubtedly, the cybersecurity plan is an essential document during cybersecurity planning and can’t be neglected as it defines important aspects necessary for projects and all involved stakeholders. Especially, when cybersecurity activities can be distributed and clients as well as suppliers need to define a plan for their respective activities.
Therefore, in this “Cybersecurity Plan” video course, we will explain what a cybersecurity plan is and how to correctly create it and develop it.
First, we will introduce the concept of cybersecurity planning, cybersecurity relevance for items and components. What’s more, you will get a clear overview of the cybersecurity plan requirements according to ISO/SAE 21434.
Secondly, we will explain how to develop a cybersecurity plan step by step during the concept and development phases as well as when it should be updated. Once there is a common understanding on how to create a cybersecurity plan, we will provide a sample cybersecurity plan to give you a reliable point of reference based on best practices and explain each content section.
At last, we will also present the costly consequences of neglecting a cybersecurity plan to reinforce the importance and impact it has across organizations’ projects and roles.
The CYRES Consulting ISO/SAE 21434 Pocket Guide and The Essential Guide to ISO/SAE 21434 are followed by the now released ISO/SAE 21434:2021 Workbook, The new publication is designed to simplify practical work with the most important automotive cybersecurity standard and is the first ISO/SAE 21434:2021 Workbook. It will include:
- all work products (and corresponding requirements, recommendations and permissions) of ISO/SAE 21434:2021 („First Edition“) – officially licensed by ISO
- Field-tested templates for key work products, such as TARA, Cybersecurity Plan, Item Definition, CIA, and more
- Expert interviews, background information, explanations with a practical perspective across the automotive value chain
The workbook is ready for ordering here and is available worldwide as a digital workbook (ebook / PDF).
Who the Cybersecurity Plan video course is made for
For project managers
Not having a cybersecurity plan might lead to unclear responsibilities, not being able to establish a schedule baseline, and ultimately projects getting off track. By watching this video course you will learn to develop a cybersecurity plan and avoid costly consequences.
For quality managers
Having a cybersecurity plan not only is there a lack of evidence of cybersecurity due diligence, but also in might result in items or components not being secure enough. Therefore, knowing how to correctly develop a cybersecurity plan is key, also for fulfilling ISO/SAE 21434 requirements.
Cybersecurity plan video course content
As an introduction to the concept of cybersecurity plan, we will first explain what it is, introduce what the learning objectives of this video course and the relevance to your role.
II. Cybersecurity planning
Before going deeper into the cybersecurity plan concept, we will first explain the concept of cybersecurity planning, what makes an item or component cybersecurity relevant and how it is related in the design and development process and cybersecurity lifecycle of the item or component.
III. The cybersecurity plan
Here, you will learn what are the characteristics of the cybersecurity plan, why it is critical for distributed development, and recognize its importance for projects.
IV. Required cybersecurity plan contents according to ISO/SAE 21434
In this section, we will explain each of the six aspects that must be included in the cybersecurity plan according to ISO/SAE 21434 and provide examples.
In a visual illustration of a cybersecurity plan, get guidance on how to develop a cybersecurity plan and where to reference it. Additionally, you will learn when it should be updated as well as the work products.
VI. Cybersecurity plan sample document structure
Get a more accurate idea on how a cybersecurity plan might look like in this section. We will provide a sample document based on automotive cybersecurity best practices and state of the art.
VII. Consequences of neglecting cybersecurity plan
Recognize the negative impact of neglecting a cybersecurity plan. This section will reinforce the importance of having a cybersecurity plan and why it is essential for clear responsibility and communication among external and internal project stakeholders.
VIII. Cybersecurity plan video course summary
Finally, we will recapitulate on the main lessons learned during the cybersecurity plan video course, the benefits of having a cybersecurity plan, and why it should be addressed as early as possible.
More video courses related to Cybersecurity Plan
Cybersecurity Requirements for Post-Development In Vehicles
Cybersecurity requirements for post-development are demanded by UN R155 and ISO/SAE 21434:2021. Learn the main considerations in this video course.
Production Control Plan for Cybersecurity in Vehicle Manufacturing
Know what the pre-requirements and specific contents of the Production Control Plan are. Learn about this major work product with this video course.
Release for Post-Development Report
Learn about the release for post development report as a work product for ISO/SAE 21434:2021 and UN Regulation No. 155. Watch video course.
Communication and Stakeholder Management
In this video course, you will learn about how to approach communication and stakeholder management in vehicle cybersecurity as required by ISO/SAE 21434:2021.
Cybersecurity Monitoring and Event Evaluation
Understand what cybersecurity monitoring and event evaluation is based in the cybersecurity continual activities framework. Watch video course.
Product Security Incident Response Team (PSIRT) Overview
In this video course, you will learn exactly all the Product Security Incident Response Team or PSIRT service areas, their purpose, and contents.
Cybersecurity Incident Response Plan
Learn what a cybersecurity incident response plan is and what it should contain to comply with ISO/SAE 21434 in this video course.
Vulnerability Analysis for Vehicle Cybersecurity
Learn what is the cybersecurity vulnerability analysis in continual cybersecurity activities and as required by the ISO/SAE 21434. Also, learn how to correctly decide a course of action to treat a vulnerability.
Cybersecurity Case as ISO/SAE 21434 Work Product
Learn how to create a cybersecurity case, which is a work product of ISO/SAE 21434. In this video course, you will also get lessons learned from real projects.
