Cybersecurity Analysis

exida offers support in the Cybersecurity TARA Analysis, both as a “turn-key service” and “offering support to the customer willing to learn autonomously”.

Here a synthetic description of what TARA is about and in what way a TARA is performed:

TARA (Threat Analysis and Risk Assessment)

TARA, in Automotive, sometimes referred to as ACRA (Automotive Cybersecurity Risk Assessment) is an analysis elected to identify, evaluate and prioritize the possible cybersecurity risks of a SW or HW function/component, with the purpose of defining the actions to be taken in order to avoid risks or in order to handle them.

In a product life cycle, TARA must be performed after the definition of the Functional Requirements, so that the implementation of any necessary measures can be early integrated in the subsequent development phase: the more this analysis is postponed, the more the implementation of any measures that proved necessary, could introduce significant changes to the solution, and could have serious repercussions in terms of extra budget and/or overrunning of the deadlines. In TARA both, information security and protection of sensitive data, are considered.

In the following, the consolidated 4-steps process that exida proposes:

  • For each considered function/component, determination of the actual relevance for Cybersecurity purposes.

  • Analysis of the protection level that the relevant function/component needs (depending on the security requirements).

  • Analysis of all the possible threats (potential risk identification and risk category definition), with prioritization.

  • Definition of the necessary actions and final report issue, as a summary reference for planning and implementing these actions.

The main usually referred inputs are:

  • Technical Concept.

  • SW, HW, SYS Architecture.

  • FuSa Analyses (FMEA/FMEDA).



exida footer logo

We provide consulting, assessment, cybersecurity, alarm management, product testing and certification under a number of Functional Safety, Security and SW Quality standards, such as IEC 61508, IEC 61511, ISO 26262, ISO 13849, IEC 62061, ISA Security Compliance Institute (ISCI), ASPICE


Contacts


All Rights Reserved © 2020 exida.com GmbH VAT-ID (DE)218559059 | exida Development SrL VAT-ID (IT)10166460013