Residual Risk Evaluation – Necessary Iteration

Posted: September 5, 2024

In this article

Jiannan Wang

The cybersecurity standard ISO/SAE 21434 illustrates the development workflow in the Automotive concept phase. Cybersecurity requirements are derived from goals based on the mitigations of TARA (Threat Analysis and Risk Assessment) processes. It does however not refer to how to evaluate the effectiveness and adequacy of the successful implementation of those requirements. To handle such cases, re-evaluation of risks with consideration of implemented requirements becomes a necessity.

SystemWeaver’s cybersecurity module provides not only the initial evaluation of risks but also a second evaluation after the definition of cybersecurity requirements. This offers a way for residual risk evaluation in the early concept phase, as a confirmation of the adequacy of deployed controls, rather than pushing it to verification and validation.

 

You may also be interested in

  • Strong engagement at the GAIA workshop: Trustworthy AI in Systems Engineering – Keeping Control and Traceability

    The central question during this workshop was one that matters more as engineering complexity grows: "How does AI fit into systems engineering without eroding control, traceability, or engineering accountability?" The answer is not to add AI as a black-box layer on top of engineering work. It is to ground AI in structured engineering context, [...]

  • Systems Engineering problems and SAT solvers

    Real engineering problems which can (only) be solved by SAT solvers MSc Jan Söderberg, SystemWeaver, jan.soderberg@systemweaver.com Introduction There are engineering problems that can be expressed as so-called Boolean satisfiability problems, or “SAT” problems[1]. There are as well algorithms to solve such problems, i.e. to find the Boolean values ("true" or "false", or 1 or [...]

  • Driving car in mist

    Driving the Future of Automotive Development: How SystemWeaver Revolutionizes Software Product Lifecycle Management

    The automotive industry is undergoing a profound transformation, driven by the growing importance of software in vehicles. As the industry shifts towards Software Defined Vehicles (SDVs), the need for robust, comprehensive software product lifecycle management (PLM) solutions has never been greater. SystemWeaver is at the forefront of this revolution, offering a suite of tools and [...]