ISO/SAE 21434 across Tools, Teams and Organizations

  • When: Dec. 10, 2020 | 6 p.m. Central European Summer Time (UTC+02)

    Where: LiveStream

    Who: Bastian Kruck, Solution Developer at itemis AG

    Within the next two years, UNECE WP.29 will force road vehicle manufacturers and suppliers to implement ISO/SAE 21434. In my last talk at ASRG ("ISO/SAE21434 by Example"), I showed how our YAKINDU Security Analyst allows performing cybersecurity risk assessments that comply with this norm, and why it doesn't fit into an Excel spreadsheet anymore. But even the best tool has to be embedded into an ecosystem. How might such analysis stay in sync with the technical architecture? How may suppliers deliver analysis results to the OEM? How may analysis results be merged to validate the vehicle as a whole? How may the analysis be kept up to date with new 0days? In today's talk, I will propose a vision that addresses these questions. As part of that, I will introduce our initiative, which aims at establishing an open exchange format for cybersecurity risk assessments to transfer data between tools, teams and organizations.

    About the Presenter:

    Bastian Kruck studied software engineering in Potsdam. He plays the double bass and likes to create domain-specific tools. At itemis AG, he is a software consultant and a developer of the YAKINDU Security Analyst Tool. The tool assists in performing cybersecurity risk assessments that comply with ISO/SAE 21434. itemis AG is a consultancy with around 200 employees, serving customers in the automotive domain, as well as insurance, telecom, logistics, railway, and retail. It has offices in Germany, France, Switzerland and Tunisia.
