After our ISO/SAE DIS 21434 Pocket Guide (exclusively with contents of the then current version of the standard) and The Essential Guide to ISO/SAE 21434 (the comprehensive reference book on automotive cybersecurity), the first practical handbook with tools for the application of the standard is now available. Since October 2023, the big ISO/SAE 21434:2021 Workbook from CYRES Consulting can be obtained digitally as Ebook/PDF worldwide.
In this article you will find the most important information about the content and application areas of the Workbook and learn how to obtain it via the CYRES Academy learning platform.
- I. Experience and expertise of an international automotive cybersecurity consultancy as a starting point for the workbook
- II. What does the ISO/SAE 21434:2021 Workbook contain?
- III. Included: All Work Products (incl. Requirements, Recommendations and Permissions) of ISO/SAE 21434:2021 in the First Edition
- IV. The core of the ISO/SAE 21434:2021 Workbook: six templates for the development of the most important work products of the standard
- V. Tailor-made for automotive specialists: a Cybersecurity Controls Catalogue
- VI. How to purchase the ISO/SAE 21434:2021 Workbook?
Experience and expertise of an international automotive cybersecurity consultancy as a starting point for the workbook
A little more than two years after the official release of ISO/SAE 21434:2021 in the so-called “First Edition”, a number of software solution providers, consultancies and service providers have positioned themselves around the ISO standard, first and foremost to promote their respective offerings in the automotive market.
At the same time, cybersecurity managers, cybersecurity engineers and those responsible for cybersecurity in vehicle development are still faced with recurring questions as to how exactly the elaborations of ISO/SAE 21434 are to be approached in one’s own organizational and project context.
The ISO/SAE 21434:2021 Workbook is intended to provide field-tested best practices, instructions for action and helpful work aids for everyday use. These are not derived from abstract theory, but result from the experience and expertise of cybersecurity consulting projects in which CYRES Consulting teams have been dealing with the challenges of ISO/SAE 21434 for leading international OEMs and Tier-N suppliers for many years now.
What does the ISO/SAE 21434:2021 Workbook contain?
Because “the automotive cybersecurity scene” is still evolving (the automotive industry is building up competencies while the intersections with cybersecurity are becoming more and more obvious), the Workbook purposely addresses all roles and functions of the automotive organization that are involved with the standard to some degree.
Specifically, in the approximately 250 pages of the ISO/SAE 21434:2021 Workbook (Ebook/PDF), you will find content on these topics:
- Content of the standard, officially licensed from ISO/DIN
- Templates for the most important work products
- Advanced knowledge content, e.g. a Cybersecurity Controls Catalogue
- Excursus content, such as a mapping to UN Regulation No 155 or ASPICE for Cybersecurity
- Expert interviews, such as on certification, assessments, gap analysis, audits & co.
Included: All Work Products (incl. Requirements, Recommendations and Permissions) of ISO/SAE 21434:2021 in the First Edition
Having already aimed to always include the latest version of the standard in our previous publications, we have obtained the official reproduction permission from ISO/DIN to include the contents of the standard, in the most recent version, in the ISO/SAE 21434:2021 Workbook (Ebook/PDF).
In this context, we have deliberately excluded all contents that are (from our point of view) less relevant for practical work. General explanations, the appendices, the preceding general contents, etc. will not be found in our Workbook, not least in order to avoid unnecessarily increasing the licensing costs for our readers.
To be more specific, all 42 Work Products (from clause 05 to clause 15) are included in the ISO/SAE 21434:2021 Workbook, along with the corresponding Requirements, Recommendations and Permissions.
Thus, the really relevant contents of the standard for elaboration in practice are contained in the ISO/SAE 21434:2021 Workbook.
The core of the ISO/SAE 21434:2021 Workbook: six templates for the development of the most important work products of the standard
In parallel to our Academy education offerings as well as our consulting business, we have received repeated inquiries over the years about the extent to which we have concrete templates, master sheets, or examples for the ISO/SAE 21434 work products on offer.
Finally we can say, yes, we have something.
You will find templates around these key Work Products in the ISO/SAE 21434:2021 Workbook:
- Cybersecurity Plan [WP-06-01]
- Cybersecurity Case [WP-06-02]
- Cybersecurity Interface Agreement [WP-07-01]
- Item Definition [WP-09-01]
- Threat Analysis and Risk Assessment (TARA) [WP-09-02]
- Cybersecurity Concept [WP-09-06]
Important to understand: Our aim with the templates in the workbook is not to provide a pure blueprint that can be filled out “somehow quickly”. Rather, these templates should stimulate a process of understanding.
After all, when applying ISO/SAE 21434, it is important to understand that there is no one-size-fits-all solution, even if everyone would like there to be one; each organization, each team, each project, each component and each development must find its own elaborations around cybersecurity.
Accordingly, the templates consist of formulated explanations and thematic introductions that provide real guidance on elaborations of each Work Product in a comprehensive manner. These guides are supported by supplementary tables, visualizations and checklists. Special added value: These work aids are not pure theory, but are based on field-tested application knowledge. They result from the experience and expertise of many years of consulting work on the application of ISO/SAE 21434 in the automotive industry.
Tailor-made for automotive specialists: a Cybersecurity Controls Catalogue
We are all familiar with situations in project meetings or in exchanges with suppliers and cooperation partners in which there is a lot of talk, but not everyone has the same understanding of what exactly is being talked about.
The fact is: the entire domain of automotive value creation is currently experiencing the infusion of new aspects of cybersecurity.
A lack of expertise or detailed knowledge in cybersecurity is nothing to be ashamed of; there are simply rarely opportunities in everyday life to acquire the necessary expertise, ask questions and get the necessary explanations.
Providing that guidance is exactly the purpose of the Cybersecurity Controls Catalogue, which is part of the ISO/SAE 21434:2021 Workbook.
Starting from the most important basics of cryptography, we present the common cybersecurity controls (Secure Boot, Secure Communication, Secure Software, Secure Memory, etc.) in detail on about 30 pages.
How to purchase the ISO/SAE 21434:2021 Workbook?
Because the workbook is again self-published by CYRES Consulting, the ISO/SAE 21434:2021 Workbook will not be published through the regular distribution channels for specialist books, but through our existing channels.
Delivery via the CYRES Academy learning platform
Ordering the ISO/SAE 21434:2021 Workbook from CYRES Consulting can only be done via the CYRES Academy platform. By completing the order, a new account will be created (if not existing) on the CYRES Academy platform.
The ISO/SAE 21434:2021 Workbook (Ebook/PDF) is automatically assigned as a product to the created account (and the e-mail address used for the order).
The Ebook/PDF can be downloaded immediately in the login area after successful payment.
Are you a purchasing department (or similar) that wants to purchase/license the ISO/SAE 21434:2021 Workbook for another person? Please read the following information:
Licensing for corporate customers
Because the Workbook contains the contents of ISO/SAE 21434:2021 under official license from ISO/DIN, delivery/licensing at the level of the individual person is also required when providing the Workbook to teams, departments or corporate customers.
We are pleased to provide organizational support for company-specific purchasing processes (purchase order, quotation, etc.), independent of the delivery of the Workbook via the platform to the respective end users/readers.
To receive our pricing structure for corporate customers (discounts possible for 5 or more licenses), please contact our CYRES Academy team directly.
Specialist booksellers, resellers and other institutions
Please understand that the ISO/SAE 21434:2021 Workbook (Ebook/PDF) with the contents of the standard can only be delivered directly to the respective end users, so we are currently somewhat limited in our options for traditional book retailers. In addition to this organizational situation, our options for adjusted purchase prices for the specialist book retail trade are unfortunately also very limited due to the licensing costs per copy.
Nevertheless, please do not hesitate to contact us if you are interested. The CYRES Academy team is also at your disposal.
We hope you enjoy reading the book and look forward to your feedback.
Philipp Veronesi is founder and managing director of CYRES Consulting, one of the leading automotive cybersecurity consultancies. He has many years of practical experience not only in engineering but also in the management of technically challenging development projects for leading players in the automotive industry, including BMW, Audi, Rolls Royce, and others.