Overview

SecuRESafe (SRES) is an authorized provider of the SGS-TÜV Saar Certified Automotive Cybersecurity Professional (CACSP) Training and Certificate Program. This 3-day course is designed to build practical knowledge and application of ISO/SAE 21434:2021 — the international standard for cybersecurity in road vehicles. Participants will learn how to embed cybersecurity throughout the lifecycle of electrical and electronic systems, from concept development to decommissioning.

Led by expert instructors with real-world experience in cybersecurity engineering and compliance, this live training includes lectures, interactive discussions, and practical exercises. An optional certificate exam to become a Certified Automotive Cybersecurity Professional (CACSP) is offered on the afternoon of Day 3.

Details

• Automotive threat landscape, core cybersecurity principles, and attack countermeasures
• Overview of relevant security standards including ISO 21434 and IEC 62443
• Cybersecurity Management System (CSMS) and organizational processes
• Threat Analysis and Risk Assessment (TARA) methods and applications
• Security development lifecycle: concept, development, production, post-development
• Comparing ISO/SAE with ISO 26262 functional safety management
• Excursion topics: Automotive SPICE for cybersecurity and UNECE R155 compliance
• Optional 2-hour CACSP certificate exam (afternoon of Day 3)

Objectives

This training is intended for engineers, managers, and technical leaders involved in automotive product development, cybersecurity, or regulatory compliance.

By the end of this course, participants will be able to:

• Understand the scope and goals of ISO/SAE 21434:2021
• Implement key elements of a Cybersecurity Management System (CSMS)
• Perform and evaluate TARA techniques
• Integrate cybersecurity into each phase of the vehicle development lifecycle
• Compare ISO/SAE 21434 with functional safety and other automotive standards

Agenda

Below you will find a tentative schedule for this training course.

DAY 1 — Foundations of Automotive Cybersecurity & Regulatory Standards

• Introduction to Automotive Cybersecurity
  • Current Threat Landscape
  • Security motivation in connected vehicle systems
• Core concepts and terminology
  • Assets, threats and damage scenarios
  • Security properties
• Threat modeling and risk foundations
  • STRIDE-based threat modeling
  • Attack path analysis
  • CVSS and vulnerability classification
• Introduction to ISO/SAE 21434
  • Scope, structure, and objectives of the standard
  • Relationship to functional safety

DAY 2 — Cybersecurity Management and Development Lifecycle

• Cybersecurity Management Systems (CSMS)
  • Cybersecurity governance, culture & information sharing
  • Supporting systems: configuration, update, requirements & tool management
  • Cybersecurity audits: planning and execution
• Security Development Lifecycle (SDL) – Part 1
  • Initiation phase: relevance check, plan tailoring, reuse analysis
  • Concept phase: item definition, TARA, cybersecurity concept

DAY 3 — From Design to Operations: Implementation & Compliance

• Security Development Lifecycle (SDL) – Part 2
  • Design phase: Cybersecurity specification and architectural design
  • Verification & validation
  • Cybersecurity case
• Post-Development Activities
  • Securing production, operations and maintenance
  • Incident response management & secure software updates
• Supplier Collaboration & Continuous Activities
  • Cybersecurity Interface Agreement and role distribution
  • Continuous monitoring, event evaluation, vulnerability management
• Optional deep-dive modules
  • UN/ECE R-155 – Type approval and regulatory requirements
  • Automotive SPICE for Cybersecurity
• CACSP Certificate Exam (Optional – Afternoon)