Introduction to Security Standards and Regulations
We will talk specifically about:
UN R155 (the why, or the law)
ISO 21434 (the how, or the steps to follow the law)
ISO (International Organization for Standardization) and SAE (Society of Automotive Engineers) jointly developed ISO 21434, titled "Road vehicles - Cybersecurity engineering",
to address the risks and attack surface that grow as the connectivity of the modern vehicle increases.
ISO 21434 is a framework for managing risk throughout the vehicle life cycle.
The standard adds security by design: it forces organizations to add security activities at an early stage, during component design, to address all security vulnerabilities, and to verify and validate that each vulnerability is well managed and fixed and will not be exposed to an attacker.
As we discussed before, R155 focuses on what we need to protect and on the regulations that the manufacturer needs to follow to protect the driver and passengers from cyber attacks.
ISO 21434 then adds the how: the way to follow the R155 regulations.
R155 forces the OEM to implement, and have certified, a CSMS (Cyber Security Management System).
ISO 21434 is not isolated from other standards. It inherits methodologies and frameworks from other automotive-related standards such as
ISO 26262 (functional safety) and SAE J3061 (cybersecurity for vehicle systems), as well as ISO 27000 (information security) and NIST.
These standards were developed to be process-oriented, not written from a technical perspective.