TARA in Practice

Threat Analyses and Risk Assessments on a regular basis are the centerpiece of automotive cybersecurity. In this course, you will learn how to perform your first TARA. You are in good hands with this training if you perform a TARA for the very first time or if you want to improve your risk assessment capabilities. For this, we introduce you into the risk assessment concept defined by the ISO/SAE 21434 international standard, Clause 15. While the standard tells only what to do, we will provide you with a practice-oriented nine-step approach.

BACK TO SECURITY-TRAININGS
  • TARA in Practice

    About the TARA training

    In this training you'll be familiar with both theoretical and practical knowledge on TARA, the designated risk assessment method of the ISO/SAE 21434 international standard. In the automotive industry, this ISO standard expects companies that develop electronic systems to perform TARA multiple times in their entire vehicle or product lifecycle. According ISO/SAE 21434, Clause 15, each risk assessment is done in seven consecutive steps. This requirement – performing TARA on a regular basis and in a controlled manner – results in TARA becoming the pivotal point of cybersecurity-oriented processes.

    Consider to register for this TARA training if you have already joined the »Cybersecurity Engineer (Automotive)« classes . This course will deepen your practical knowledge significantly.

    •   1 Day
    •   9 - 17 o'clock
    •   Public | Inhouse
    •   DE/EN
    •   limited to 12 participants

    Tara training objectives

    • Be familiar with the Risk Assessment Method of ISO/SAE 21434, Clause 15, the risk based approach on threat analysis
    • Get knowledge how to rate different impact categories, attack feasibility and risk value and which of the options we recommend 
    • Know which additional external sources and methods can be used beside the standard
    • Hear about further guidelines and additional sources of information, 
      such as ENISA, UNECE, MS STRIDE, …
    • Gain knowledge how to apply Clause 15 to benefit from TARA within Clause 9, Concept Phase
    • Be familiar with the detailed Excel-based TARA template provided in this course
    • Experience how this tool is used stepwise in a case study
    • Learn how to moderate a TARA session assisted with the excel tool
    Play

    Training agenda

    • Motivation, Terms and Definitions
    • Overview on Clause 8: Cybersecurity Risk Assessment Method
      9 steps provided by the ISO/SAE 21434
    • Detailed Walkthrough
      - Starting with clause 9: item definition
      - Performing a TARA step by step
      - Derive Cybersecurity Goals
      - Derive Cybersecurity Requirements and their allocation to get the cyber security concept
    • Summary and Wrap Up

    The training will be performed with such MS tools as Powerpoint and Excel. Each step of creating the TARA will be documented in an prepopulated Excel-based TARA template. This template includes capturing checklists and guidances just to name a few. At the end of the training you will have the detailed Excel TARA sheet at your disposal, including sample entries to complete the TARA.

    For each step creating the TARA we will use further material to bridge the knowledge gap between the mere ISO/SAE 21434 requirements and practical implementations.

    Documents and methods explained and used during the course supporting the creation of the TARA will be: MS STRIDE, ENISA, NIST, MITRE, UNECE, ISO 26262, ATA.

    Image   The TARA procedure due to ISO/SAE 21434, clause 8 (previous nomenclature).

    TARGET GROUP OF THE TARA Training

    Those employees who

    • need to perform TARA by themselves during their development projects.
    • want to instruct their colleagues how to perform risk analyses regularly.
    • are responsible for cybersecurity tasks in the future. 
    KNOWING HOW IT’S DONE

    Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.

    Smilja Mateja, Training Coordination

    Next training

    Dates

    16 May - 16 May 2024 TARA in Practice

    EN
    Online (EU)
    621 eur p.P.*

    Book early to receive an early-bird discount or apply for a group discount on course fees.

    Extra value

    LEARNING IN A PLEASANT AND FRIENDLY ATMOSPHERE

    We look forward to welcoming you to our training courses. To make it easier for you to concentrate on your course, we do everything we can to make your stay as pleasant as possible. 

    If your course lasts more than four days, we would be delighted to invite you out for the evening. This is also a useful opportunity to discuss what you have learnt or experienced with other course participants and forge friendships.

    Process & organisation

    Information on the training programme

    Some courses take place several times a year as classroom training sessions. Others are only offered as in-house training.

    To make a binding reservation, book directly through the website or send us an order. We will confirm course dates as soon as we have received a minimum number of reservations. You will be sent all required information on course arrangements in advance. Fees include digital course materials, and, if you come to our sites, lunch and refreshments during breaks.

    Most of our courses can also be booked as in-house training sessions. Our instructors will be happy to travel directly to your place of work and train your teams on site. We can also mix and match the content of in-house courses and take a particular situation affecting your projects into account. We will be happy to write a concept proposal for your specific training requirements.

    All courses outlined in our training programme can be held in German or English. Our training materials are written in English.

    You will receive the training documents as a PDF. We recommend that you have your notebook or tablet with you during the course.

    Training package: Seminar skills and attractive discounts

    • 10% early-bird booking discount if you register six or more weeks before a training session.
    • 10% group discount if you register more than one participant from your company for the same course.

    Want to save even more? Discounts can be combined for the same course.

    These conditions do not apply to VDA examination fees for Automotive SPICE® assessor training sessions or the Scaled Agile, Inc. fee for SAFe training.

    We strongly recommend that you have the appropriate ISO standards at hand for and during the exam, and of course during your further work.

    For the Cybersecurity Engineer training (TÜV Nord) this concerns ISO/SAE 21434, for the Functional Safety Engineer course (TÜV Rheinland) the safety standard ISO 26262. For Automotive SPICE® training, however, you will receive the model in the form of our original pocket guide.

    For legal reasons, we are unfortunately not authorized to provide you with a copy of ISO standards. Please ask your employer if you can obtain the respective standard there.

    Conditions of participation

    For courses in our seminar rooms, the fees include digital course materials, lunch and refreshments during breaks per person.

    Our services will be invoiced before beginning of training course.

    Terms of payment: 10 days net. In case of late payment late interest will be charged in accordance with current BGB regulations, in particular §288 BGB (German Civil Code).

    This offer is only open to companies or registered tradespersons. All fees are subject to current sales tax and must be paid on receipt of invoice. Early-bird and group discounts will be subtracted as necessary from invoices.

    We will confirm receipt of your registration. Registrations can be cancelled without penalty up to 6 weeks before each individual event; after that the following rules apply:

    • 6 weeks to 4 weeks before the start of the event = 10%. 
    • 4 weeks to 7 days before the event = 50%.
    • Fees will not be refunded if you cancel a course less than a week before an event.

    We will gladly accept a substitute participant at no additional cost. 

    All courses may be subject to change due to unforeseen circumstances.

    We charge the examination fees of third parties (such as VDC QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord) on their behalf. Such fees are not eligible for a discount.

    Your personal information will be stored by KUGLER MAAG CIE GmbH in order to organise the event. By registering for a course you also agree to us contacting you by fax, email or telephone. If you do not wish to consent to us using your information in this way, please send us a message or get in touch. You have the right to withdraw your consent to this arrangement at any time.

    If you take part in an examination with a third-party provider such as the VDA QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord, we will pass on the necessary data to the respective provider.

    DATA PROTECTION