The Concept Phase involves consideration of vehicle level functionality, as implemented in items. The item definition forms the basis for the subsequent activities.
In the Concept Phase you may specify cybersecurity goals for the item (i.a.w. ISO/SAE 21434 clause 9.4), which are the highest level of requirements. For this purpose, cybersecurity risks are assessed, which is derived from existing TARA activities (i.a.w. ISO/SAE 21434 clause 15).
In addition, you may specify cybersecurity claims, which are used to explain why risk retention or sharing are considered adequate.
The cybersecurity concept (i.a.w. ISO/SAE 21434 clause 9.5) consists of cybersecurity requirements and requirements on the operational environment, both of which are derived from the cybersecurity goals and based on a comprehensive view of the item. If you have already an existing TARA model, itemis SECURE provides guidance to derive requirements from Assumptions and Controls in your attack trees.
We made sure that you will be able to take a look at usages of the new types and assistants in our shipped examples. This should help you get familiar with them and add them to your existing projects. In the following sections we will provide you with all the information you need to get started with Security Concept Phase.