Fo(u)rces of Cybersecurity Engineering
Goals, Controls, Requirements and Threats
Date: 13.11.2023, 4 pm (CET)
Language: English
Speaker: Timo Karasch/Florian Schmitt
Goals, Controls, Requirements and Threats
Date: 13.11.2023, 4 pm (CET)
Language: English
Speaker: Timo Karasch/Florian Schmitt
Cybersecurity Goals, Controls, Requirements and Threats are important forces for cybersecurity engineering. It is nearly impossible to separate them in a timely manner. In fact, they influence each other during definition.
This webinar gives a simple example of the interaction of these four forces and addresses the consistency to existing standards in Cybersecurity (ISO 21434 and Automotive SPICE for Cybersecurity). It shows a possible approach for implementation in your organization.
This webinar gives a simple example of the interaction of these four forces and addresses the consistency to existing standards in Cybersecurity (ISO 21434 and Automotive SPICE for Cybersecurity). It shows a possible approach for implementation in your organization.
|
Download the presentation
|
Watch the recording on YouTube
| ||
ASPICE 4.0: Evolution or Revolution?
Date: 25.07.2023, 4 pm (CEST)
Language: English
Speaker: Dr. Holger Höhn
Date: 25.07.2023, 4 pm (CEST)
Language: English
Speaker: Dr. Holger Höhn
In May 2023, the VDA QMC published a pre-release version of Automotive SPICE® 4.0 on its website together with the draft "Automotive SPICE® Guidelines 2nd edition" (the so-called yellow volume). We took a closer look at the modifications in both documents.
In this webinar, we summarize the most important changes for you: No more base practices for strategies, additional processes for hardware development and machine learning are just a few examples.
So, is this an evolution or a revolution?
In this webinar, we summarize the most important changes for you: No more base practices for strategies, additional processes for hardware development and machine learning are just a few examples.
So, is this an evolution or a revolution?
|
Download the presentation
|
Watch the recording on YouTube
| ||
How do I bring levels to my requirement chaos?
Date: 25.04.2023, 4 pm (CET)
Language: English
Speaker: Timo Karasch
Date: 25.04.2023, 4 pm (CET)
Language: English
Speaker: Timo Karasch
First, our processes constantly ask us to specify requirements. Then we have to bother with quite a lot of documents and specifications. Even the relevant literature cannot explain to me in an understandable way what the difference between all these requirements is supposed to be. And finally, an assessor comes and evaluates my specification as insufficient.
This is the end of it! In this webinar we want to bring levels into our requirements chaos. Using simple examples, we will show the different types of requirements and learn a few helpful methods for working with requirements.
This is the end of it! In this webinar we want to bring levels into our requirements chaos. Using simple examples, we will show the different types of requirements and learn a few helpful methods for working with requirements.
|
Download the presentation
|
Watch the recording on YouTube
| ||
Automotive SPICE® 4.0 - The next major update of the most used process assessment model
Date: 09.02.2023, 4 pm (CET)
Language: English
Speaker: Bernhard Sechser
Date: 09.02.2023, 4 pm (CET)
Language: English
Speaker: Bernhard Sechser
The Automotive SPICE® process assessment model is facing significant changes with its new version 4.0. The goal of the VDA QMC changes is to add cybersecurity-specific processes to the model to meet regulatory requirements such as those of UNECE R155 for managing cybersecurity risks in supply chains. At the same time, missing development disciplines such as for hardware as well as the new topic of machine learning will be included. But it's not just the process dimension that will change; there are also some critical updates to consider in the capability dimension.
With all these changes, the question arises as to who should evaluate the implementation of these processes for their adequacy, for example in the context of type approval.
Our free webinar highlights this issue on the assessor side and presents both the currently defined process as well as the future intacs® training program.
With all these changes, the question arises as to who should evaluate the implementation of these processes for their adequacy, for example in the context of type approval.
Our free webinar highlights this issue on the assessor side and presents both the currently defined process as well as the future intacs® training program.
|
Download the presentation
|
Watch the recording on YouTube
| ||
Hardware SPICE - When electronics development becomes part of our system
Date: 19.01.2022, 4 pm (CET/CEST)
Language: English
Speaker: Timo Karasch
Date: 19.01.2022, 4 pm (CET/CEST)
Language: English
Speaker: Timo Karasch
Wait, hasn't the development of electrics and electronics always been part of our systems? In principle yes, but the development was largely self-sufficient and the existing interfaces were often neglected. However, as our systems are becoming more and more complex, and both the consideration of the interfaces and the synchronization of development become more and more important, we have to change our way of thinking. Hardware SPICE regards the development of electrics and electronics as part of such systems and is intended to help bring structure and maturity to this development. This enables the maturity of complete systems to be viewed and assessed and prepares us for the challenges of safety and security. In this webinar we want to take a look at the Hardware SPICE standard and get to know how it can be helpful to us in the future.
|
Download the presentation
|
Watch the recording on YouTube
| ||
intacs™ SPICE assessors today and tomorrow -
Skills and training requirements for new topics such as cybersecurity
Date: 30.11.2021, 4 pm (CET/CEST)
Language: English
Speaker: Bernhard Sechser
Skills and training requirements for new topics such as cybersecurity
Date: 30.11.2021, 4 pm (CET/CEST)
Language: English
Speaker: Bernhard Sechser
Cybersecurity - a topic that is currently on everyone's lips and affects every company that wants to survive in the automotive industry in the future. In addition to the already high demands on the quality and functional safety of the systems developed for a highly complex vehicle, topics such as access protection, threat defense, security strategies, etc. are now being added. For the developers of such systems themselves, it is already difficult to know and consider all the necessary aspects. But beyond that, there must be other, independent, and objective people who must be able to evaluate the implemented solutions, both technically and in terms of systematical development.
Automotive SPICE® is a process assessment model that is demanded by vehicle manufacturers as the basis for almost all these systems. In Functional Safety according to ISO 26262, it is often equated with the "QM" level. However, the topic has never officially managed to be integrated into Automotive SPICE®.
When it comes to cybersecurity, things are quite different. In its rule R155, the UNECE requires, among other things, that vehicle manufacturers identify and manage cybersecurity risks in the supply chain. In this context, Automotive SPICE® is named as an appropriate method to identify process-related product risks by adding cybersecurity-specific processes. But here, too, the question arises as to who should and can check these processes for adequacy, especially in the context of type approval, where a positive assessment result will become crucial. Until now, there have been no specific requirements for this.
Our webinar aims to shed light on this problem on the assessor side and to present both the currently defined procedure and the future intacs™ training scheme.
Automotive SPICE® is a process assessment model that is demanded by vehicle manufacturers as the basis for almost all these systems. In Functional Safety according to ISO 26262, it is often equated with the "QM" level. However, the topic has never officially managed to be integrated into Automotive SPICE®.
When it comes to cybersecurity, things are quite different. In its rule R155, the UNECE requires, among other things, that vehicle manufacturers identify and manage cybersecurity risks in the supply chain. In this context, Automotive SPICE® is named as an appropriate method to identify process-related product risks by adding cybersecurity-specific processes. But here, too, the question arises as to who should and can check these processes for adequacy, especially in the context of type approval, where a positive assessment result will become crucial. Until now, there have been no specific requirements for this.
Our webinar aims to shed light on this problem on the assessor side and to present both the currently defined procedure and the future intacs™ training scheme.
|
Download the presentation
|
Watch the recording on YouTube
| ||
Mechanical Development Today - According to SPICE
Date: 22.09.2021, 4 pm (CET/CEST)
Language: German
Speaker: Timo Karasch
Date: 22.09.2021, 4 pm (CET/CEST)
Language: German
Speaker: Timo Karasch
The process model for the evaluation of mechanical development "SPICE for Mechanical Engineering" has been available for several years now. Up to now, the focus was on the implementation of improvement measures and the update of development processes.
Bridging the gap between a standard based on a software-based model (Automotive SPICE®) and the classical world of mechanical development still poses major challenges. This webinar therefore addresses the following questions:
Bridging the gap between a standard based on a software-based model (Automotive SPICE®) and the classical world of mechanical development still poses major challenges. This webinar therefore addresses the following questions:
- Why do I need SPICE for Mechanical Engineering?
- Which processes are described?
- What is the difference between system, mechanical and product development?
- What are typical results that are evaluated in an assessment?
- How do Automotive SPICE® and SPICE for Mechanical Engineering work together?
- What experience has already been gained from assessments?
|
Download the presentation
|
Watch the recording on YouTube
| ||
Pitfall "micromanagement in projects"
Date: 20.07.2021, 4 pm (CET/CEST)
Language: German
Speaker: Horst Kostal
Date: 20.07.2021, 4 pm (CET/CEST)
Language: German
Speaker: Horst Kostal
Micromanagement is an important indicator of an immature organization.
Why is it that large parts of the management are not aware of what micromanagement is, what causes it and what serious effects it can have?
The webinar will answer these questions and show what effects micromanagement has on the motivation of project staff and what effects can be expected on quality and schedules.
We will look at how micromanagement can be safely prevented without loss of control.
Why is it that large parts of the management are not aware of what micromanagement is, what causes it and what serious effects it can have?
The webinar will answer these questions and show what effects micromanagement has on the motivation of project staff and what effects can be expected on quality and schedules.
We will look at how micromanagement can be safely prevented without loss of control.
|
Download the presentation
|
Watch the recording on YouTube
| ||
Automotive SPICE for Cybersecurity
Date: 17.05.2021, 4 pm (CET/CEST)
Language: English
Speaker: Timo Karasch
Date: 17.05.2021, 4 pm (CET/CEST)
Language: English
Speaker: Timo Karasch
In February 2021, the VDA yellow print "Automotive SPICE® for Cybersecurity" was published.
Based on ISO/IEC 33020:2015 and ISO/SAE 21434, it defines a process assessment model that extends the well-known Automotive SPICE® model.
Guidelines including rules and recommendations are also included.
But what does this mean? What is in store for assessors and development projects?
The webinar presents the extension and answers the following questions:
Based on ISO/IEC 33020:2015 and ISO/SAE 21434, it defines a process assessment model that extends the well-known Automotive SPICE® model.
Guidelines including rules and recommendations are also included.
But what does this mean? What is in store for assessors and development projects?
The webinar presents the extension and answers the following questions:
- What is included?
- How will assessments be carried out?
- Which existing processes are extended?
- Which Automotive SPICE® processes move into the scope?
- Which new processes are there?
- What does this mean for future assessments?
|
Download the presentation
|
Watch the recording on YouTube
| ||