Experiences with the automotive SPICE for cybersecurity assessment model and tools

Experiences with the automotive SPICE for cybersecurity assessment model and tools

In August 2021 the ISO 21434:2021 standard for Road vehicles—Cybersecurity Engineering has been published. At the same time the blue book from VDA (Verein der Deutschen Automobilgesellschaft; German Automotive Association) for Automotive SPICE cybersecurity assessments has been released. In addition...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of software : evolution and process 2023-09, Vol.35 (9)
Hauptverfasser: Messnarz, Richard, Ekert, Damjan, Macher, Georg, Much, Alexander, Zehetner, Tobias, Aschbacher, Laura
Format: Artikel
Sprache:eng
Schlagworte:
Assessments
Automobiles
Cybersecurity
Training
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue 9
container_start_page
container_title Journal of software : evolution and process
container_volume 35
creator Messnarz, Richard
Ekert, Damjan
Macher, Georg
Much, Alexander
Zehetner, Tobias
Aschbacher, Laura
description In August 2021 the ISO 21434:2021 standard for Road vehicles—Cybersecurity Engineering has been published. At the same time the blue book from VDA (Verein der Deutschen Automobilgesellschaft; German Automotive Association) for Automotive SPICE cybersecurity assessments has been released. In addition in the period September–December 2021 the training material for iNTACS (INTernational Assessor Certification Schema) certified Automotive SPICE for cybersecurity assessors has been developed. Since February 2022 the upgrade training of assessors worldwide has started. Beside the ASPICE (Automotive SPICE) for cybersecurity blue book also a red book from VDA has been published. The red book describes the questions to check in an ACSMS (Automotive CyberSecurity Management System) audit. This paper explains the main strategy and content for ASPICE for Cybersecurity assessments and how such assessments are integrated to the overall ACSMS strategy. Also, the paper outlines an example method and tool used in ASPICE for cybersecurity assessments and how such assessment results will look like.
doi_str_mv 10.1002/smr.2519
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2861478763</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2861478763</sourcerecordid><originalsourceid>FETCH-LOGICAL-c216t-b38cc139bbae5ef425d02a2d08674cbc7cfb9b8c6968f192199824f29db835f03</originalsourceid><addsrcrecordid>eNo9kE1LAzEYhIMoWGrBnxDw4mVrkv1IcpRStVBQ_DiHTfYN3dLd1LxZtf_eLRXnMnMYZuAh5JqzOWdM3GEX56Lk-oxMBCtkJgvFz_-zzC_JDHHLRlWClUU5Ia_Lnz3EFnoHSL_btKFpA7QeUuhCar-Avr2sFkvqQ6TuYCEiuCG26UBrREDsoE-0Cw3saN03NIWwwyty4esdwuzPp-TjYfm-eMrWz4-rxf06c4JXKbO5co7n2toaSvCFKBsmatEwVcnCWSedt9oqV-lKea4F11qJwgvdWJWXnuVTcnPa3cfwOQAmsw1D7MdLI1TFC6lklY-t21PLxYAYwZt9bLs6Hgxn5gjNjNDMEVr-CyW5X4s</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2861478763</pqid></control><display><type>article</type><title>Experiences with the automotive SPICE for cybersecurity assessment model and tools</title><source>Wiley Online Library Journals Frontfile Complete</source><creator>Messnarz, Richard ; Ekert, Damjan ; Macher, Georg ; Much, Alexander ; Zehetner, Tobias ; Aschbacher, Laura</creator><creatorcontrib>Messnarz, Richard ; Ekert, Damjan ; Macher, Georg ; Much, Alexander ; Zehetner, Tobias ; Aschbacher, Laura</creatorcontrib><description>In August 2021 the ISO 21434:2021 standard for Road vehicles—Cybersecurity Engineering has been published. At the same time the blue book from VDA (Verein der Deutschen Automobilgesellschaft; German Automotive Association) for Automotive SPICE cybersecurity assessments has been released. In addition in the period September–December 2021 the training material for iNTACS (INTernational Assessor Certification Schema) certified Automotive SPICE for cybersecurity assessors has been developed. Since February 2022 the upgrade training of assessors worldwide has started. Beside the ASPICE (Automotive SPICE) for cybersecurity blue book also a red book from VDA has been published. The red book describes the questions to check in an ACSMS (Automotive CyberSecurity Management System) audit. This paper explains the main strategy and content for ASPICE for Cybersecurity assessments and how such assessments are integrated to the overall ACSMS strategy. Also, the paper outlines an example method and tool used in ASPICE for cybersecurity assessments and how such assessment results will look like.</description><identifier>ISSN: 2047-7473</identifier><identifier>EISSN: 2047-7481</identifier><identifier>DOI: 10.1002/smr.2519</identifier><language>eng</language><publisher>Chichester: Wiley Subscription Services, Inc</publisher><subject>Assessments ; Automobiles ; Cybersecurity ; Training</subject><ispartof>Journal of software : evolution and process, 2023-09, Vol.35 (9)</ispartof><rights>2023 John Wiley &amp; Sons, Ltd.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c216t-b38cc139bbae5ef425d02a2d08674cbc7cfb9b8c6968f192199824f29db835f03</cites><orcidid>0000-0002-0555-3160</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27903,27904</link.rule.ids></links><search><creatorcontrib>Messnarz, Richard</creatorcontrib><creatorcontrib>Ekert, Damjan</creatorcontrib><creatorcontrib>Macher, Georg</creatorcontrib><creatorcontrib>Much, Alexander</creatorcontrib><creatorcontrib>Zehetner, Tobias</creatorcontrib><creatorcontrib>Aschbacher, Laura</creatorcontrib><title>Experiences with the automotive SPICE for cybersecurity assessment model and tools</title><title>Journal of software : evolution and process</title><description>In August 2021 the ISO 21434:2021 standard for Road vehicles—Cybersecurity Engineering has been published. At the same time the blue book from VDA (Verein der Deutschen Automobilgesellschaft; German Automotive Association) for Automotive SPICE cybersecurity assessments has been released. In addition in the period September–December 2021 the training material for iNTACS (INTernational Assessor Certification Schema) certified Automotive SPICE for cybersecurity assessors has been developed. Since February 2022 the upgrade training of assessors worldwide has started. Beside the ASPICE (Automotive SPICE) for cybersecurity blue book also a red book from VDA has been published. The red book describes the questions to check in an ACSMS (Automotive CyberSecurity Management System) audit. This paper explains the main strategy and content for ASPICE for Cybersecurity assessments and how such assessments are integrated to the overall ACSMS strategy. Also, the paper outlines an example method and tool used in ASPICE for cybersecurity assessments and how such assessment results will look like.</description><subject>Assessments</subject><subject>Automobiles</subject><subject>Cybersecurity</subject><subject>Training</subject><issn>2047-7473</issn><issn>2047-7481</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNo9kE1LAzEYhIMoWGrBnxDw4mVrkv1IcpRStVBQ_DiHTfYN3dLd1LxZtf_eLRXnMnMYZuAh5JqzOWdM3GEX56Lk-oxMBCtkJgvFz_-zzC_JDHHLRlWClUU5Ia_Lnz3EFnoHSL_btKFpA7QeUuhCar-Avr2sFkvqQ6TuYCEiuCG26UBrREDsoE-0Cw3saN03NIWwwyty4esdwuzPp-TjYfm-eMrWz4-rxf06c4JXKbO5co7n2toaSvCFKBsmatEwVcnCWSedt9oqV-lKea4F11qJwgvdWJWXnuVTcnPa3cfwOQAmsw1D7MdLI1TFC6lklY-t21PLxYAYwZt9bLs6Hgxn5gjNjNDMEVr-CyW5X4s</recordid><startdate>20230901</startdate><enddate>20230901</enddate><creator>Messnarz, Richard</creator><creator>Ekert, Damjan</creator><creator>Macher, Georg</creator><creator>Much, Alexander</creator><creator>Zehetner, Tobias</creator><creator>Aschbacher, Laura</creator><general>Wiley Subscription Services, Inc</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-0555-3160</orcidid></search><sort><creationdate>20230901</creationdate><title>Experiences with the automotive SPICE for cybersecurity assessment model and tools</title><author>Messnarz, Richard ; Ekert, Damjan ; Macher, Georg ; Much, Alexander ; Zehetner, Tobias ; Aschbacher, Laura</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c216t-b38cc139bbae5ef425d02a2d08674cbc7cfb9b8c6968f192199824f29db835f03</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Assessments</topic><topic>Automobiles</topic><topic>Cybersecurity</topic><topic>Training</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Messnarz, Richard</creatorcontrib><creatorcontrib>Ekert, Damjan</creatorcontrib><creatorcontrib>Macher, Georg</creatorcontrib><creatorcontrib>Much, Alexander</creatorcontrib><creatorcontrib>Zehetner, Tobias</creatorcontrib><creatorcontrib>Aschbacher, Laura</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Journal of software : evolution and process</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Messnarz, Richard</au><au>Ekert, Damjan</au><au>Macher, Georg</au><au>Much, Alexander</au><au>Zehetner, Tobias</au><au>Aschbacher, Laura</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Experiences with the automotive SPICE for cybersecurity assessment model and tools</atitle><jtitle>Journal of software : evolution and process</jtitle><date>2023-09-01</date><risdate>2023</risdate><volume>35</volume><issue>9</issue><issn>2047-7473</issn><eissn>2047-7481</eissn><abstract>In August 2021 the ISO 21434:2021 standard for Road vehicles—Cybersecurity Engineering has been published. At the same time the blue book from VDA (Verein der Deutschen Automobilgesellschaft; German Automotive Association) for Automotive SPICE cybersecurity assessments has been released. In addition in the period September–December 2021 the training material for iNTACS (INTernational Assessor Certification Schema) certified Automotive SPICE for cybersecurity assessors has been developed. Since February 2022 the upgrade training of assessors worldwide has started. Beside the ASPICE (Automotive SPICE) for cybersecurity blue book also a red book from VDA has been published. The red book describes the questions to check in an ACSMS (Automotive CyberSecurity Management System) audit. This paper explains the main strategy and content for ASPICE for Cybersecurity assessments and how such assessments are integrated to the overall ACSMS strategy. Also, the paper outlines an example method and tool used in ASPICE for cybersecurity assessments and how such assessment results will look like.</abstract><cop>Chichester</cop><pub>Wiley Subscription Services, Inc</pub><doi>10.1002/smr.2519</doi><orcidid>https://orcid.org/0000-0002-0555-3160</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 2047-7473
ispartof Journal of software : evolution and process, 2023-09, Vol.35 (9)
issn 2047-7473
2047-7481
language eng
recordid cdi_proquest_journals_2861478763
source Wiley Online Library Journals Frontfile Complete
subjects Assessments
Automobiles
Cybersecurity
Training
title Experiences with the automotive SPICE for cybersecurity assessment model and tools
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-22T18%3A39%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Experiences%20with%20the%20automotive%20SPICE%20for%20cybersecurity%20assessment%20model%20and%20tools&rft.jtitle=Journal%20of%20software%20:%20evolution%20and%20process&rft.au=Messnarz,%20Richard&rft.date=2023-09-01&rft.volume=35&rft.issue=9&rft.issn=2047-7473&rft.eissn=2047-7481&rft_id=info:doi/10.1002/smr.2519&rft_dat=%3Cproquest_cross%3E2861478763%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2861478763&rft_id=info:pmid/&rfr_iscdi=true