search
MAN.7
Cybersecurity Risk Management
# PROCESS PURPOSE The purpose is to regularly identify, analyze, prioritize, and monitor risks of damage to relevant stakeholders.
account_tree
Process MapNEW
Visualize relationships between base practices, outcomes and output information items.
expand_more
Visualize relationships between base practices, outcomes and output information items.
account_treeBASE PRACTICESWhat we do
adjustOUTCOMESWhat we achieve
descriptionOUTPUT INFORMATION ITEMSEvidence / What we produce
- O1 The (Item = Component or set of components that implements a function at the vehicle level.) is defined including its functions and boundaries.
- O2 Relevant (Asset = Object that has value or contributes to value.), threats and (Damage scenario = Adverse consequence involving a vehicle or vehicle function and affecting a stakeholder.) are identified and regularly updated.
- O3 Cybersecurity risks are analyzed based on impact rating and (Attack feasibility = Attribute of an attack path describing the ease of successfully carrying out the corresponding set of actions.) rating in order to support prioritization for the treatment of risks.
- O4 The status of risk and the progress of the risk treatment activities is determined.
- O5 Appropriate treatment is taken to mitigate the impact of risk based on its priority, likelihood, and consequence or other defined risk threshold.
BP1
Identify cybersecurity risk management scope. (
O1, O2 )
BP2
Identify cybersecurity events. (
O2 )
BP3
Analyze risks. (
O3 )
BP4
Define risk treatment options. (
O4, O5 )
BP5
Define and perform risk treatment activities. (
O4, O5 )
BP6
Monitor risks. (
O4 )
BP7
Take corrective action. (
O5 )
15-51
Analysis results (
O1, O2, O3 )
Used by these processes:
- MAN.7 Cybersecurity Risk Management
- SEC.1 Cybersecurity Requirements Elicitation
14-02
Corrective action (
O4, O5 )
Used by these processes:
- ACQ.2 Supplier Request and Selection
- MAN.7 Cybersecurity Risk Management
17-53
Cybersecurity threat scenario (
O2 )
Used by these processes:
- MAN.7 Cybersecurity Risk Management
15-09
Risk status (
O4, O5 )
Used by these processes:
- MAN.7 Cybersecurity Risk Management
08-55
Risk treatment (
O3, O4, O5 )
Used by these processes:
- ACQ.2 Supplier Request and Selection
- MAN.7 Cybersecurity Risk Management