CRASH COURSE ON AUTOMOTIVE SECURITY
Connected systems are increasingly becoming the focus of threats from cyberspace. This module is targeted at people new to the area, offering a fundamental understanding of potential threats to vehicle electronics and IT infrastructures. It is also an opportunity to look at the different types of security standards used in the automotive industry. Practical guidance is given in order to discuss what you can do to deal with such threats.
BACK TO SECURITY-TRAININGSTraining objectives & content
This two-day module provides you with a fast-track understanding of the fundamentals of automotive security from the perspective of the development department: what do you need to keep in mind as the person in charge of delivering secure systems? To do this, you will gain a fundamental understanding of the attack scenarios that pose a threat to automotive electronics. You will also learn how to use systematic risk assessment to understand the environment your systems operate within and spot potential threats in advance.
Understanding the first steps provides you with an entry point for integrating automotive security into your project.
Also interested in the impact technological requirements have on what you can do to protect your systems? If you are, we also recommend the AUTOMOTIVE SECURITY 2-in-1 COURSE. The 2-in-1 course also covers module two of this fundamentals course.
CRASH COURSE ON SECURITY (AUTOMOTIVE SECURITY – MODULE 1)
You will work through potential attack scenarios in order to recognise vulnerabilities and fend them off in advance. Introducing safeguards begins with methodical systems engineering – secure programs, secure code and other aspects of functional safety. To enable you to do this, we introduce you to the fundamentals of different methods and relevant standards.
- Information security and managing cybersecurity
You will look at uncertainty and gain a fundamental understanding of how to determine and define the scope of security – from information and IT security to cybersecurity and associated protection goals: data transfer, confidentiality, integrity and availability.
Your first step will be to learn about effective control mechanisms and ways to establish a secure environment on both a technical and organisational level in order to minimise uncertainty. - Privacy
You will gain a fundamental understanding of the requirements of European General Data Protection Regulations with respect to vehicle development. You will also be introduced to the potential traps that await you when processing personal user data.
First steps – safeguarding the privacy of vehicle functions - Functional safety and security
You will look at functional safety and security as two sides of the same coin during the lifetime of a vehicle. As well as allowing you to understand different areas of overlap, you will also understand various ways of looking at and dealing with the two user safety concepts. - Automotive standards
Development according to the industry standard Automotive SPICE® works well in complement to automotive security safeguards. The links between these standards and their influence on automotive electronics are also of interest: SAE J3061TM, FIPS, NIST SP 800-53, FIPP, EVITA and a first look at the pending security norm ISO/SAE 21434.
First steps: recommendations that help maintain an overview of security activities - Hacking und automotive hacks
Gain an understanding of the reasons for hacking, what hackers hope to achieve and what makes them tick. This includes looking at threat categories according to the STRIDE model. The emphasis lies on the particular features of vehicles, such as CAN, automotive ethernet and control unit functions that are particularly at risk. - Security standards and risk management
You will become familiar with the security standards that are relevant to the automotive sector and understand the differences between conducting a risk analysis on security, functional safety and privacy. Tools: MS SDL, CC, ISA/IEC 62443, 27k family, BSI. For risk management: STRIDE, DREAD, CERT-X, ISA/IEC 62443-3-2, ISO 27005, BSI 200-3, NIST SP 800-30, ISO/SAE 21434, OWASP, SAMM. Threat analysis: MITRE, NIST, NVD. Methods: security FMEA, ATA.
First steps: suggested procedure for integrating risk analysis into your product life cycle
This detailed two-day course provides you with a wealth of information.
TARGET GROUP OF THE SECURITY CRASH COURSE
Employees
- who need comprehensive insights into threat scenarios and defence strategies
- and be responsible for cybersecurity tasks in the future.
Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.
Smilja Mateja, Training Coordination
Next training
Book early to receive an early-bird discount or apply for a group discount on course fees.
Extra value
LEARNING IN A PLEASANT AND FRIENDLY ATMOSPHERE
We look forward to welcoming you to our training courses. To make it easier for you to concentrate on your course, we do everything we can to make your stay as pleasant as possible.
If your course lasts more than four days, we would be delighted to invite you out for the evening. This is also a useful opportunity to discuss what you have learnt or experienced with other course participants and forge friendships.
Process & organisation
Information on the training programme
Some courses take place several times a year as classroom training sessions. Others are only offered as in-house training.
To make a binding reservation, book directly through the website or send us an order. We will confirm course dates as soon as we have received a minimum number of reservations. You will be sent all required information on course arrangements in advance. Fees include digital course materials, and, if you come to our sites, lunch and refreshments during breaks.
Most of our courses can also be booked as in-house training sessions. Our instructors will be happy to travel directly to your place of work and train your teams on site. We can also mix and match the content of in-house courses and take a particular situation affecting your projects into account. We will be happy to write a concept proposal for your specific training requirements.
All courses outlined in our training programme can be held in German or English. Our training materials are written in English.
You will receive the training documents as a PDF. We recommend that you have your notebook or tablet with you during the course.
Training package: Seminar skills and attractive discounts
- 10% early-bird booking discount if you register six or more weeks before a training session.
- 10% group discount if you register more than one participant from your company for the same course.
Want to save even more? Discounts can be combined for the same course.
These conditions do not apply to VDA examination fees for Automotive SPICE® assessor training sessions or the Scaled Agile, Inc. fee for SAFe training.
We strongly recommend that you have the appropriate ISO standards at hand for and during the exam, and of course during your further work.
For the Cybersecurity Engineer training (TÜV Nord) this concerns ISO/SAE 21434, for the Functional Safety Engineer course (TÜV Rheinland) the safety standard ISO 26262. For Automotive SPICE® training, however, you will receive the model in the form of our original pocket guide.
For legal reasons, we are unfortunately not authorized to provide you with a copy of ISO standards. Please ask your employer if you can obtain the respective standard there.
Conditions of participation
For courses in our seminar rooms, the fees include digital course materials, lunch and refreshments during breaks per person.
Our services will be invoiced before beginning of training course.
Terms of payment: 10 days net. In case of late payment late interest will be charged in accordance with current BGB regulations, in particular §288 BGB (German Civil Code).
This offer is only open to companies or registered tradespersons. All fees are subject to current sales tax and must be paid on receipt of invoice. Early-bird and group discounts will be subtracted as necessary from invoices.
We will confirm receipt of your registration. Registrations can be cancelled without penalty up to 6 weeks before each individual event; after that the following rules apply:
- 6 weeks to 4 weeks before the start of the event = 10%.
- 4 weeks to 7 days before the event = 50%.
- Fees will not be refunded if you cancel a course less than a week before an event.
We will gladly accept a substitute participant at no additional cost.
All courses may be subject to change due to unforeseen circumstances.
We charge the examination fees of third parties (such as VDC QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord) on their behalf. Such fees are not eligible for a discount.
Your personal information will be stored by KUGLER MAAG CIE GmbH in order to organise the event. By registering for a course you also agree to us contacting you by fax, email or telephone. If you do not wish to consent to us using your information in this way, please send us a message or get in touch. You have the right to withdraw your consent to this arrangement at any time.
If you take part in an examination with a third-party provider such as the VDA QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord, we will pass on the necessary data to the respective provider.
