United Nations


How to evidence consideration of the threats, mitigations and principles identified



Date: 03.03.2022

  1. To demonstrate that organisations have taken note of the recommendations in this paper, it would be necessary for them to evidence how they have done so. This section describes what evidence could be used for this purpose.

  2. The section does not specify with whom it might be necessary to share this information. It may be used internally within an organisation, between different organisations in a supply chain (for example manufacturer and supplier), or between manufacturers and relevant authorities (for example type approval bodies). Similarly, the section does not state the technical depth that would be needed. This should be determined by the organisations involved and be proportionate to the purpose for which they are using it.

  3. Initial assessment (design and development stage). Organisations should be able to provide justifications of the security measures employed in their systems and/or vehicles and how they are addressing cyber security.

  4. Organisations should be able to describe how they have considered the threats, mitigations and principles identified in this paper during the design and production of their systems/vehicles and the rationale for their choices. Within this they should be able to document:

    1. How they have considered the threats and vulnerabilities identified (as detailed in annex 1) within their risk assessments, as well as consideration of any risks or vulnerabilities that were not identified.

    2. How they are implementing the key mitigations and cyber security principles identified in this paper (as described in annexes 1 and 2).

    3. What specific technical mitigations have been implemented and the rationale for their choices.

  5. How organisations should achieve this is not specified, as it will depend on the organisation, the system or vehicle design, and the applicability of the threats or mitigations to that design.

  6. Organisations may consider the threats, mitigations and principles in terms of systems and in terms of the whole vehicle type approval. For type approved systems the design of the system should ensure that the availability and safety of the system cannot be compromised through cyber threats or vulnerabilities. There may also be a need to consider this for non-type approved systems that could affect the safe operation, or availability, of the vehicle should they fail or be compromised. Finally, as some mitigations may be hard to incorporate into the type approval processes, there will be a need to consider cyber security at a vehicle level, considering the interactions of the different vehicle systems and considering, at this level, the threats, mitigations and principles.

