I am currently serving roles at both Trend Micro Inc. and VicOne Inc., focusing on automotive cybersecurity. My background as a hardware and firmware researcher has significantly aided me in evaluating various regulations and the design and security issues of system architectures from an industry perspective over the years. In recent times, my main efforts at VicOne Inc. have been dedicated to assisting clients in overcoming various design-related challenges.
As various regulations are implemented within tight deadlines, the automotive industry has been vigorously seeking certification processes and safety architecture evaluations in recent years. When manufacturers are choosing suppliers or attempting to establish their laboratories to tackle these issues, they encounter practical challenges, particularly with TARA (Threat Assessment & Risk Analysis) and VMS (Vulnerability Management Systems). The question arises: How can one accurately set the Security Boundary? This crucial yet often unaddressed issue, which neither ISO documentation nor consultants provide clear answers to, will be tackled in this presentation. Drawing from extensive experience in industry advisory roles, we will outline some fundamental guidelines. Additionally, we will use 'realistic' architectural diagrams and documents, which do not disclose any proprietary secrets, for live demonstrations and analysis.
In recent years, the sudden increase in regulatory demands within the cybersecurity domain has presented manufacturers, supply chains, and brand merchants with a critical decision: whether to fully outsource their cybersecurity needs or to establish in-house laboratories to address these demands. How should one select a service provider? Which tools should be chosen? Is it necessary to engage vendors for penetration testing? Should third-party supervisory consultants be hired? How can one manage their supply chain requirements effectively?
This session will skip over the basic introductions and dive directly into the decision-making and risks associated with various cybersecurity certification processes. We'll explore which requirements are manageable through outsourcing, which phases are prone to unexpected challenges, the details to consider when selecting auxiliary tools, and strategies for the ongoing maintenance of information security during the product lifecycle or internal staff training directions, among other topics. Extensive scenario analysis and experience sharing will be featured throughout this presentation.