Security assessment is the process of identifying and analyzing the threats and evaluating the associated risks to ensure that the cyber security measures you have chosen are appropriate to mitigate the risks your vehicle or system faces.
Evaluating and incorporating cyber security choices without a threat assessment and risk analysis is wastage of time, duplication of effort and resources. Implementing measures to defend against events that are unlikely to occur or won’t have much material impact on vehicle or system is pointless. Likewise, it is possible that threats that could cause significant damage to your vehicle system are overlooked or underestimated.
KPIT’s comprehensive cyber security assessment methodology determines various business, financial and operational impact of the security threats by identifying potential threats, associated risks & vulnerabilities, identifying threat actors and ascertaining attackers’ profile.
KPIT’s automotive cyber security assessment framework is developed based on SAE J3061 guidelines
SAE J3061 provides a framework to design and build cybersecurity into automotive systems in a comprehensive and systematic way, to monitor for and respond to incidents in the field, and to address vulnerabilities in service and operation. J3061 is unique in describing a process framework for cybersecurity that an organization can tailor against its other development processes. This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber- physical systems.
For more details visit: www.sae.org/standards/content/j3061_201601/
At every step of the process the findings are collected and stored as threat library in the K-ASAT (KPIT’S Automotive Security Assessment) Tool for future reference and mitigation plan implementation.
Click here for more details on K-ASAT tool.