Planning
It may sound trivial, but preparing a cybersecurity plan is essential to guide teams through the work that must be completed before the product is considered ready for release. The cybersecurity plan covers the assignment of cybersecurity roles and responsibilities, cross-relations to the project and safety plans, the cybersecurity activities that must be completed, any tailoring of those activities, the rationale for reuse, and the handling of off-the-shelf components as well as components out of context. Teams can leverage existing project plans and simply extend them to account for cybersecurity activities. Alternatively, a dedicated cybersecurity plan can be prepared to capture the cybersecurity activities. ISO/SAE 21434 requires that at least the concept phase, product development phase, validation phase, and Threat Analysis and Risk Assessment (TARA) activities are described in the cybersecurity plan. However, it can be useful to cover additional aspects, such as planning cybersecurity...