SAE J3061 and ISO 21434:2020 Conducting a Cybersecurity FMEA and Vulnerability Analysis Testing for Systems, Hardware and Software

Home > ISO Training > SAE J3061 and ISO 21434:2020 Conducting a Cybersecurity FMEA and Vulnerability Analysis Testing for Systems, Hardware and Software

View Dates and Register

Provide course at my site

Tell Me About Future Dates

Register for courses 60 days in advance and get 10% off this price.
Register for courses 30 days in advance and get 5% off this price.
Note:Pricing is dependent on location and may vary.

Seminar Content

This three-day course is designed to provide the knowledge and skills required to performvulnerability analysis and assessments per the ISO/SAE 21434Cybersecurity Engineering Standard. This class will give you the information to Plan, Conduct and Report vulnerability analysis and assessment activities for ISO 21434:2020.

This course combines presentations, along with in-class group exercises to put what you are learning into practice. Concepts are reinforced by a series of breakout exercises on critical aspects of audits and assessments.

Who Should Attend

Those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in motor vehicles.

Participants should be, or plan to be, actively managing, or involved in, or aware of electrical and/or electronic items, systems, or elements that are incorporated in motor vehicles. And have the abilities, education, and experience required for the above roles.

Recommended Training and/or Experience

Participants should be involved in or aware of software and hardware development as it relates to the motor vehicle industry. A basic understanding of the ISO/SAE 21434 standard is recommended.

Seminar Materials

Each participant will receive a seminar manual including case studies.

Seminar Goals

Learning a general methodology for conducting vulnerability analysis and assessments
Scanning and mapping network topology
Identifying listening ports/services on hosts
Fingerprinting operating systems remotely
Conducting vulnerability scans
Auditing gateway, switch, and firewall security
Performing MCU, hardware, and softwarevulnerability assessments

Daily Agenda (approximate, based on class discussions)

Day One

Chapter 1: Introduction and Overview to ISO 21434
- ISO 21434 Purpose, Scope and Framework
- Introduction to Vulnerability Analysis
Chapter 2: Pre-requisites for Vulnerability Analysis
- Target of analysis
- Architectural design
- Threat scenarios
- Software cybersecurity requirements
Chapter 3:Scanning and exploits
- Vulnerability detection methods
- Types of scanners
- Enumerating targets to test information leakage
- Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
- Deploying exploit frameworks
Chapter 4: Uncovering infrastructure vulnerabilities
- Uncovering communication weaknesses
- Vulnerabilities in infrastructure: hardware and software
- Network management tool attacks
- Identifying IDS bypass attacks
- Corrupting memory and causing denial of service

Day Two

Chapter 5: Exposing and Revealing MCU vulnerabilities
- Scanning controllers: assessing vulnerabilities on your network
- Uploading rogue scripts and file inclusion
- Performing buffer overflow attacks
- Scanning for MCU vulnerabilities
- Client buffer overflows
- Silent downloading: spyware
- Attacking design errors
Chapter 6: Threat Analysis FMVEA: Failure Modes, Vulnerability and Effects Analysis
- Review of FMEA
- Adapting FMEA for Vulnerability Analysis
Chapter 7: Implementing scanner operations and configuration
- Choosing credentials, ports and dangerous tests
- Preventing false negatives
- Creating custom vulnerability tests
- Customizing scans
- Handling false positives
Chapter 8:Creating and interpreting reports
- Filtering and customizing reports
- Interpreting complex reports
- Contrasting the results of different scanners

Day Three

Chapter 9: Researching alert information
- Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
- Evaluating and investigating security alerts and advisories
- Employing the Common Vulnerability Scoring System (CVSS)
Chapter 10: Identifying factors that affect risk
- Evaluating the impact of a successful attack
- Determining vulnerability frequency
- Calculating vulnerability severity
- Weighing important risk factors
- Performing a risk assessment
Chapter 11: The vulnerability management cycle
- Patch and configuration management
- Analyzing the vulnerability management process
Chapter 12: Vulnerability Assessment Report
- Report components
- Writing the report