A solid threat analysis and risk assessment (TARA) is the basis of a thorough security concept and thus of all security-related steps in the development process. In this advanced coaching, we explain an established and approved TARA methodology that is based on the Common Criteria and fully aligned with ISO/SAE 21434.
The theoretical part is complemented by a practical part. Here, the customer team creates a TARA for one of their systems, while the ESCRYPT trainer provides support and reviews.
- Product and project managers who need to understand the methodology of a threat analysis and risk assessment in the context of the product development process
- Security managers who are responsible for conducting the threat analysis and risk assessment during the product development process
- Learn and understand how the threat analysis and risk assessment contributes to efficient and effective risk management, e.g., in the context of ISO/SAE 21434
- Get to know a methodology how a threat analysis and risk assessment is performed
- Carry out a threat analysis and risk assessment for one of your systems
- Basic knowledge of product development processes
- Detailed understanding and awareness of security risks for your product category
- Overview and description of the system that is to be evaluated
- 3 days (spread over approx. 3 month)