Cybersecurity: Change Impact Analysis, Reporting & Framework Customization

Overview

This is the 4th part of a 4-part webinar series that demonstrates an end-to-end cybersecurity workflow that manages risks efficiently and consistently. The workflow covers everything from early asset and threat identification at system level, to implementation and verification of countermeasures in the software. It integrates safety data from analyses such as FHA and FMEA, enables change analysis, and keeps risk data and decisions consistent with the architecture and design. 

In this 4th part you will learn how you can efficiently manage your security in a changing threat landscape, and how Model-Based Design helps keeping all risk and design data consistent. After discussing typical reasons for why risk/threat analysis needs frequent updates, you will learn how to trace and assess changes to your model or risk data without missing anything. You will learn how to set a baseline, how to run impact analysis, how to leverage diff views and how to validate your threat model for consistency. Reporting is an essential part of any design and analysis activity, hence we will also show how to quickly create PDF/HTML reports for audit and for archiving, to capture the state of modeling and risk analysis. Finally we will discuss how the risk model can be customized to meet specific standards such as DO-356, IEC-62443 and ISO/SAE 21434.

Highlights

• Typical reasons to change and/or update the risk/threat analysis
• Assess changes and their impact, and keeping the risk model consistent
• Generate simple and advanced reports for Excel, Word, PDF and HTML
• How to customize the risk model (thresholds, levels, calculation etc)
• How to get a risk model that is compliant to DO-356, ISO/SAE 21434, and IEC 62443 cybersecurity regulations

About the Presenters

Marco Bimbi is a Principal Application Engineer focusing on Model Based Systems Engineering workflows for safety critical applications. Marco joined MathWorks in 2022. Before joining The MathWorks, he has worked for 10+ years in aerospace as well as rails industries such as Rolls-Royce and Deutsche Bahn focusing on Systems Engineering workflows for safety critical applications. During his career he held various roles such as Control Systems Architect, Model Based Systems Engineering Specialist and Requirements Manager. At MathWorks Marco helps customers to leverage MathWorks toolchain, including System Composer, for their Systems Engineering workflow. Moreover, Marco provides industry insight to the MathWorks development team to drive future product capabilities

Martin Becker is a Principal Application Engineer at The MathWorks and an independent security researcher. He received his Ph.D. in software verification from Technical University of Munich for his work on real-time computer systems, and has 20 years of experience in embedded systems, amongst others working as avionics engineer at Airbus Defense & Space, Research Engineer at Tata Consultancy Services, and Lecturer at Singapore Institute of Technology. In his daily work, he supports customers from all industries in the efficient development of safety-critical software and certification according to industrial standards, accompanies the development of innovative verification tools, and uses them himself as an ethical hacker in the field of FOSS software.