driving worldwide business excellence

SAE J3061 and ISO 21434:2019 Cybersecurity Threat Analysis and Risk Assessment (TARA)

Home > ISO Training > SAE J3061 and ISO 21434:2019 Cybersecurity Threat Analysis and Risk Assessment (TARA)

Seminar Content

This three-day course is designed to provide the knowledge and skills required to perform audits and assessments per the ISO/SAE 21434Cybersecurity Engineering Standard. This class will give you the information to Plan, Conduct and Report audit and assessment activities for ISO 21434:2019.

This course combines presentations, along with in-class group exercises to put what you are learning into practice. Concepts are reinforced by a series of breakout exercises on critical aspects of audits and assessments.

Who Should Attend

Those involved in the design, development, and production of electrical and electronic based vehicle products, including the systems, software and hardware engineers, and managers. Basically, all those responsible for the development and implementation of hardware and software systems in motor vehicles.

Participants should be, or plan to be, actively managing, or involved in, or aware of electrical and/or electronic items, systems, or elements that are incorporated in motor vehicles. And have the abilities, education, and experience required for the above roles.

Recommended Training and/or Experience

Participants should be involved in or aware of software and hardware development as it relates to the motor vehicle industry. A basic understanding of the ISO/SAE 21434 standard is recommended.

Seminar Materials

Each participant will receive a seminar manual including case studies.

Seminar Goals

  • List the main processes at the organizational and product levels that impact risk analysis and risk assessment
  • Review and understand a product’s CS requirements, goals, and prepare a cybersecurity Plan
  • Develop the Cybersecurity Concept & Refined Cybersecurity Design
  • Review and understand techniques and methods for threat analysis and risk assessment
  • List appropriate work products and the main elements of a threat analysis and risk assessment reports.
  • Understand TARA in the context of cybersecurity management.

Daily Agenda (approximate, based on class discussions)

Day One

  • Chapter 1: Introduction and Overview to ISO 21434
    • ISO 21434 Purpose, Scope and Framework
  • Chapter 2: Vehicle Monitoring and Control Systems
    • Vehicle Functions
    • Vehicle sensors and actuators
    • Communication systems: wired, wireless
    • Vehicle Architecture
    • Vehicle Platforms
  • Chapter 3: Overall Cybersecurity Management (Clause 5)
    • Product Lifecycle
    • The V-model
    • Cybersecurity Relevance
    • Item Definition
    • Cybersecurity Risk Management
  • Chapter 4: Overview of Risk Assessment Methods (Clause 7)
    • Asset Identification
    • Vulnerability Analysis
    • Breakout Exercise 5: Vulnerability Analysis
    • Attack Feasibility Analysis
    • Risk Determination
    • Risk Treatment
    • Breakout Exercise 2: Item Definition
    • Breakout Exercise 1: Safety Case Outline
  • Chapter 5: Asset Identification
    • Candidate Assets
    • Cybersecurity Properties: Confidentiality, Integrity, Availability
    • Damage Scenarios
  • Chapter 6: Threat Analysis
    • Threat Scenarios
    • Threat Identification approaches
    • Threat Scenario Identification
    • Breakout Exercise 2: Item Definition

Day Two

  • Chapter 7: Impact Analysis
    • System Architecture
    • Impact Categories: safety, financial, operational, and privacy
    • Impact Rating
  • Chapter 8: Vulnerability Analysis
    • Vulnerability Analysis Approaches
    • Known Vulnerabilities
    • Unknown Vulnerabilities
    • Vulnerabilities Scan Tools

Day Three

  • Chapter 9: Attack Analysis
    • Attack Path Analysis
    • Attack Analysis Approaches: Top-down, Bottom-up
    • Attack Feasibility Rating
    • Rating Methods: Attack Potential, Attack Vector, CVSS
  • Chapter 10: Threat Analysis Report
    • Components of the Report
    • Writing the Report
  • Chapter 11: Risk Assessment Report
    • Risk Level Determination
    • Components of the Report
    • Writing the Report
  • Chapter 12: Cybersecurity Management
    • Project Dependent CS Management
    • Risk Treatment

SAE J3061 and ISO 21434:2019 Cybersecurity Threat Analysis and Risk Assessment (TARA)

Search for Training

Course Keyword:


Start Date:

/ /

End Date:

/ /


Plantech-Omnex Partnership ppapandaudits