At a glance – the ISO 21434 standard
The ultimate goal of any cybersecurity engineering management system is to produce secure systems that are suitable for their intended use. This is achieved by accurately identifying and assessing the cybersecurity risks that emerge throughout the product life cycle and by providing mechanisms to reduce those risks to reasonable levels. Without a structured, systematic engineering approach, engineers fall back on an ad hoc approach: identifying risks as they become known and applying cybersecurity controls based on a mixture of security best practices and expert knowledge. This commonly leads to three outcomes:
- Certain risks remain unknown as the program cannot claim with certainty that all risk sources have been accounted for or that all technical risks have been analyzed
- Inadequate cybersecurity controls are chosen, leaving residual risk that is not quantified or understood
- Cybersecurity controls are over-engineered, resulting in...