Review your cybersecurity maturity

The list of vulnerabilities in the vehicles is long and it is said that companies hardly learn from mistakes. We can help identify the problems and solve them.

We will work with your organization to perform these steps to assess and improve your cybersecurity maturity:

Product specific:

  • perform an analysis of your Software Development Lifecycle (SDL)
  • perform a cybersecurity assessment of your supply chain
  • perform a vulnerability test of your software product
  • perform an IoT pentest on your devices (through a partner)

Company specific:

  • perform a pentest on your infrastructure and external services

 

Get your organization prepared for UN ECE/TRANS/WP.29 (UN ECE Regulation 155 and ISO 21434)

A Cyber Security Management System (CSMS) is soon going to become mandatory for all vehicles manufacturers and suppliers.

In the automotive industry Cybersecurity is already a critical success factor. Starting with July 2024, the type approval of vehicles will only be possible if a certified CSMS is available and Cyber Security is ensured throughout the entire life cycle of the vehicle.

UN ECE WP.29, the UN regulation on Cyber Security and the ISO/SAE 21434 standard are expected to make this mandatory from mid 2024.

 

Together with our partners in automotive cybersecurity we can help you establish in your company the requirements of WP.29 according to the requirements of ISO 21434.

 

  • Help you define and create the Cyber Security Management System (CSMS)

We will work with your organization to define processes, tools, policies, controls and responsibilities to define the Cyber Security Management System.
A CSMS needs to cover certain requirements in order to pass the audit:

The vehicle manufacturer shall demonstrate that their Cyber Security Management System applies to the following phases:
(a) Development phase;
(b) Production phase;
(c) Post-production phase.

 

  • Assess your organization’s cybersecurity according to ISO 21434

Perform a gap analysis on CSMS (ISO/SAE 21434, UNECE R155), analyze your current status and create an action list to achieve compatibility.

 

  • Help you certify according to WP.29

We can recommend some certification body and work with them to start your certification process.

We will accompany you to reach the maturity level which would allow you to achieve the certification.

 

How will we work ?

  • Have a first discussion with the project responsible from the customer’s side.

In this discussion we will establish which are the departments involved and who is responsible for each area.

  • Set up 2-4h interviews with the responsible of each area. In this process we fill in our questionnaire and calculate the security maturity for each security control.

This process can take several days, depending on the company size and availability of the responsible persons.

  • Create a report in Powerpoint (Executive summary) and Excel (Details about the findings) after the security questionnaire ist finalized.

This process can take 2-3 days, depending on how complexity of the company and the findings.

Our report contains the following:

    • Results of the analysis
      • Risks
      • Recommendations
        • for improvements of the basic cyber security.
        • for additional steps to be taken in order to pass the official audit.
  • Present the findings in a meeting with the management of the company and, ideally, with all responsible persons .
© Copyright 2023 Endpoint Cybersecurity GmbH, All rights Reserved.