SAE J3061 and ISO 21434:2019 Conducting a Cybersecurity FMEA and Vulnerability Analysis Testing for Systems, Hardware and Software
Home > ISO Training > SAE J3061 and ISO 21434:2019 Conducting a Cybersecurity FMEA and Vulnerability Analysis Testing for Systems, Hardware and Software
Seminar Content
This three-day course is designed to provide the knowledge and skills required to perform vulnerability analysis and assessments per the ISO/SAE 21434 Cybersecurity Engineering Standard. This class will give you the information to Plan, Conduct and Report vulnerability analysis and assessment activities for ISO 21434:2019.
This course combines presentations, along with in-class group exercises to put what you are learning into practice. Concepts are reinforced by a series of breakout exercises on critical aspects of audits and assessments.
Who Should Attend
Those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in motor vehicles.
Participants should be, or plan to be, actively managing, or involved in, or aware of electrical and/or electronic items, systems, or elements that are incorporated in motor vehicles. And have the abilities, education, and experience required for the above roles.
Recommended Training and/or Experience
Participants should be involved in or aware of software and hardware development as it relates to the motor vehicle industry. A basic understanding of the ISO/SAE 21434 standard is recommended.
Seminar Materials
Each participant will receive a seminar manual including case studies.
Seminar Goals
- Learning a general methodology for conducting vulnerability analysis and assessments
- Scanning and mapping network topology
- Identifying listening ports/services on hosts
- Fingerprinting operating systems remotely
- Conducting vulnerability scans
- Auditing gateway, switch, and firewall security
- Performing MCU, hardware, and software vulnerability assessments
Daily Agenda (approximate, based on class discussions)
Day One
- Chapter 1: Introduction and Overview to ISO 21434
- ISO 21434 Purpose, Scope and Framework
- Introduction to Vulnerability Analysis
- Chapter 2: Pre-requisites for Vulnerability Analysis
- Target of analysis
- Architectural design
- Threat scenarios
- Software cybersecurity requirements
- Chapter 3: Scanning and exploits
- Vulnerability detection methods
- Types of scanners
- Enumerating targets to test information leakage
- Types of exploits: worm, spyware, backdoor, rootkits, Denial of Service (DoS)
- Deploying exploit frameworks
- Chapter 4: Uncovering infrastructure vulnerabilities
- Uncovering communication weaknesses
- Vulnerabilities in infrastructure: hardware and software
- Network management tool attacks
- Identifying IDS bypass attacks
- Corrupting memory and causing denial of service
Daily Agenda (approximate, based on class discussions)
Day Two
- Chapter 5: Exposing and Revealing MCU vulnerabilities
- Scanning controllers: assessing vulnerabilities on your network
- Uploading rogue scripts and file inclusion
- Performing buffer overflow attacks
- Scanning for MCU vulnerabilities
- Client buffer overflows
- Silent downloading: spyware
- Attacking design errors
- Chapter 6: Threat Analysis FMVEA: Failure Modes, Vulnerability and Effects Analysis
- Review of FMEA
- Adapting FMEA for Vulnerability Analysis
- Chapter 7: Implementing scanner operations and configuration
- Choosing credentials, ports and dangerous tests
- Preventing false negatives
- Creating custom vulnerability tests
- Customizing scans
- Handling false positives
- Chapter 8: Creating and interpreting reports
- Filtering and customizing reports
- Interpreting complex reports
- Contrasting the results of different scanners
Daily Agenda (approximate, based on class discussions)
Day Three
- Chapter 9: Researching alert information
- Using the National Vulnerability Database (NVD) to find relevant vulnerability and patch information
- Evaluating and investigating security alerts and advisories
- Employing the Common Vulnerability Scoring System (CVSS)
- Chapter 10: Identifying factors that affect risk
- Evaluating the impact of a successful attack
- Determining vulnerability frequency
- Calculating vulnerability severity
- Weighing important risk factors
- Performing a risk assessment
- Chapter 11: The vulnerability management cycle
- Patch and configuration management
- Analyzing the vulnerability management process
- Chapter 12: Vulnerability Assessment Report
- Report components
- Writing the report
Related Courses
|
 Advanced Statistical Process Control (SPC)
|
| Manufacturing Process Development using PFMEA (Process Flow, PFMEA, Control Plan, Part & Process Approval)
|
| Basic Statistical Process Control (SPC)
|
| Understanding Core Tools - (APQP, PPAP, DFMEA, DVP&R, PFMEA, Control Plan, SPC and MSA)
|
| FMEA 4th Edition Update
|
| Implementing MMOG with IATF 16949:2016
|
| Measurement Systems Analysis (MSA) and Advanced Analysis (ANOVA)
|
| Production Part Approval Process (PPAP) Workshop with IATF 16949:2016
|
| Total Productive Maintenance (TPM)
|
| Understanding Core Tools - APQP & PPAP
|
| Understanding Core Tools - DFMEA & DVP&R
|
| Understanding Core Tools - PFMEA & Control Plan
|
| Understanding Core Tools - Statistical Process Control (SPC)
|
| Understanding Core Tools - Measurement Systems Analysis (MSA)
|
| Production Part Approval Process (PPAP 4th Edition)
|
| APQP, FMEA and Control Plans (New Revision)
|
| APQP 2nd Edition
|
| Effective Problem Solving
|
| 7QC
|
| APQP/PPAP
|
| Machine Failure Mode Effect Analysis (MFMEA)
|
| Understanding AIAG Sub-tier Supplier Management (CQI-19)
|
| Advanced Product Quality Planning (APQP) Overview
|
| Understanding the Five Phases of APQP
|
| APQP Manufacturing Process Development using PFMEA and PPAP
|
| Product Development using SFMEA, DFMEA and Associated Tools
|
| Measurement Systems Analysis(MSA) and Statistical Process Control (SPC)
|
| Conducting Internal and Supplier (Second Party) Audits to Automotive SPICE
|
| AIAG-VDA Product FMEA Overview
|
| SAE J3061 and ISO 21434:2019 Automotive Cybersecurity Certification
|
| AIAG-VDA DFMEA (SFMEA and DFMEA) for Practitioners and Facilitators
|
| AIAG-VDA FMEA for Managers and Implementers – Implementation Training
|
| AIAG-VDA FMEA Understanding, Implications, and Strategy Executive Overview
|
| AIAG-VDA Process FMEA and Control Plans for Practitioners and Facilitators
|
| Understanding AIAG-VDA DFMEA (SFMEA and DFMEA) for Design and Project Team Members
|
| Understanding AIAG-VDA Process FMEA and Control Plans for Process and Project Team Members
|
| Product Integrity for the Product Safety & Conformance Representative (PSCR)
|
| SAE J3061 and ISO 21434:2019 Automotive Cybersecurity Executive Overview
|
| SAE J3061 and ISO/SAE 21434:2019 Overview for Functional Safety Engineers
|
| SAE J3061 and ISO 21434:2019 Cybersecurity Engineering Defense & Protection Against Attacks
|
| SAE J3061 and ISO 21434:2019 Automotive Cybersecurity Auditing and Assessment
|
| SAE J3061 and ISO 21434:2019 Cybersecurity Threat Analysis and Risk Assessment (TARA)
|
| Introduction to Autonomous and Electric Vehicles: A Functional Safety, SOTIF, and Cybersecurity Perspective
|
| Reverse Failure Mode and Effect Analysis – RFMEA
|
| Introduction to Systems Engineering: A Safety and Cybersecurity Perspective
|
| Writing Effective Requirements, Test Cases, and H/S Interfaces for Cybersecurity
|
| Preparing a Safety Case for Cybersecurity
|
Related Courses
|
| Advanced Statistical Process Control (SPC)
|
| Manufacturing Process Development using PFMEA (Process Flow, PFMEA, Control Plan, Part & Process Approval)
|
| Basic Statistical Process Control (SPC)
|
| Understanding Core Tools - (APQP, PPAP, DFMEA, DVP&R, PFMEA, Control Plan, SPC and MSA)
|
| FMEA 4th Edition Update
|
| Implementing MMOG with IATF 16949:2016
|
| Measurement Systems Analysis (MSA) and Advanced Analysis (ANOVA)
|
| Production Part Approval Process (PPAP) Workshop with IATF 16949:2016
|
| Total Productive Maintenance (TPM)
|
| Understanding Core Tools - APQP & PPAP
|
| Understanding Core Tools - DFMEA & DVP&R
|
| Understanding Core Tools - PFMEA & Control Plan
|
| Understanding Core Tools - Statistical Process Control (SPC)
|
| Understanding Core Tools - Measurement Systems Analysis (MSA)
|
| Production Part Approval Process (PPAP 4th Edition)
|
| APQP, FMEA and Control Plans (New Revision)
|
| APQP 2nd Edition
|
| Effective Problem Solving
|
| 7QC
|
| APQP/PPAP
|
| Machine Failure Mode Effect Analysis (MFMEA)
|
| Understanding AIAG Sub-tier Supplier Management (CQI-19)
|
| Advanced Product Quality Planning (APQP) Overview
|
| Understanding the Five Phases of APQP
|
| APQP Manufacturing Process Development using PFMEA and PPAP
|
| Product Development using SFMEA, DFMEA and Associated Tools
|
| Measurement Systems Analysis(MSA) and Statistical Process Control (SPC)
|
| Conducting Internal and Supplier (Second Party) Audits to Automotive SPICE
|
| AIAG-VDA Product FMEA Overview
|
| SAE J3061 and ISO 21434:2019 Automotive Cybersecurity Certification
|
| AIAG-VDA DFMEA (SFMEA and DFMEA) for Practitioners and Facilitators
|
| AIAG-VDA FMEA for Managers and Implementers – Implementation Training
|
| AIAG-VDA FMEA Understanding, Implications, and Strategy Executive Overview
|
| AIAG-VDA Process FMEA and Control Plans for Practitioners and Facilitators
|
| Understanding AIAG-VDA DFMEA (SFMEA and DFMEA) for Design and Project Team Members
|
| Understanding AIAG-VDA Process FMEA and Control Plans for Process and Project Team Members
|
| Product Integrity for the Product Safety & Conformance Representative (PSCR)
|
| SAE J3061 and ISO 21434:2019 Automotive Cybersecurity Executive Overview
|
| SAE J3061 and ISO/SAE 21434:2019 Overview for Functional Safety Engineers
|
| SAE J3061 and ISO 21434:2019 Cybersecurity Engineering Defense & Protection Against Attacks
|
| SAE J3061 and ISO 21434:2019 Automotive Cybersecurity Auditing and Assessment
|
| SAE J3061 and ISO 21434:2019 Cybersecurity Threat Analysis and Risk Assessment (TARA)
|
| Introduction to Autonomous and Electric Vehicles: A Functional Safety, SOTIF, and Cybersecurity Perspective
|
| Reverse Failure Mode and Effect Analysis – RFMEA
|
| Introduction to Systems Engineering: A Safety and Cybersecurity Perspective
|
| Writing Effective Requirements, Test Cases, and H/S Interfaces for Cybersecurity
|
| Preparing a Safety Case for Cybersecurity
|
|
|