scope:

Purpose When considering Cybersecurity design, it is necessary to analyze the threats and to assess the risks. However, current standards used as a reference have not clearly defined these procedures. For this reason, this document was developed to describe standard procedures that define the security function by analyzing the threats for the developers of the system, including the in-vehicle network ^(*). The appendices of this document describes the following procedures while showing a simple in-vehicle network as an example:

· Modeling the system (TOE)

· Extracting the Threat analysis

· Evaluating the Risk assessment

· Security objectives

· Extracting the security requirements

Details about extracting security requirements can be found in the CC and other related documents.

^* Although the phase structure of this document can also be applied to threat analysis for each ECU, the examples described herein use the in-vehicle system including the network.