資安案例 (Cybersecurity Case) 與評估

兩個關鍵 WP

Cybersecurity Case 結構

┌───────────────────────────────────────┐
│        Top Claim                      │
│ "TCU 達成所有資安目標"                  │
└────────────────┬──────────────────────┘
                 │ Argument
       ┌─────────┴─────────┐
       │                   │
   Sub-claim 1         Sub-claim 2
   "CG-001 達成"       "CG-002 達成"
       │                   │
   ┌───┴───┐           ┌───┴───┐
 Evidence Evidence   Evidence Evidence
 (Pen test)(TARA)   (Verif)  (Review)

常見論證框架

ISO 21434 不強制特定框架。

CS Case 內容應包含

cs_case:
  metadata:
    item: "TCU-2026"
    version: 1.0
    release_date: 2027-07-01

  scope:
    item_definition_ref: "..."
    applicable_phases: [Concept, Development, Validation]

  top_claim:
    statement: "TCU achieves all cybersecurity goals throughout its operational lifecycle"

  cybersecurity_goals:
    - id: CG-001
      claim: "Firmware integrity is protected against unauthorized modification"
      arguments:
        - "Secure boot enforced (CSR-001, CSR-002)"
        - "Signed update only (CSR-005)"
      evidence:
        - "Verification Report Section 4.2"
        - "Pen Test Report PT-2027-018"
        - "Review Record RR-Arch-005"

  residual_risks:
    - id: RR-001
      description: "Side-channel attack on RSA signing"
      level: "Low"
      treatment: "Retain + monitor"
      acceptor: "VP Engineering (signed 2027-06-15)"

  ots_components:
    - "OpenSSL 3.0.12 (see SBOM v2.1)"
    - "AUTOSAR BSW (Vector, see OoC ref)"

  reused_components:
    - "Gateway SW v1.5 (reused from project G2, Delta TARA done)"

  assumptions:
    - "Vehicle OEM provides physically secured OBD port (CS Claim CL-002)"

  references:
    - "CS Plan v2.3"
    - "TARA Report v3.1"
    - "Verification Report v1.0"
    - "Validation Report v1.0"

證據 (Evidence) 來源

Cybersecurity Assessment

評估目的

1. CS Case 是否成立？
2. Argument 是否合理？
3. Evidence 是否充分？
4. Residual Risk 是否合理被接受？
5. Tailoring 是否合理？
6. 是否符合 Clause 5-15 要求？

評估員資格

Assessment Report 結構

cs_assessment_report:
  metadata:
    project: "TCU-2026"
    assessor: "Bob Smith (Independent CS Officer)"
    assessment_date_range: 2027-06-01 to 2027-06-25
    cs_case_version_reviewed: 1.0

  methodology:
    - Document review
    - Sample-based evidence verification
    - Interview with CS team, architects, testers
    - Independent verification of selected TARA scenarios

  findings:
    - id: F-001
      severity: Major
      description: "CSR-005 (DPA countermeasure) test data missing"
      recommendation: "Re-execute DPA test or remove CSR-005 (and update TARA)"

    - id: F-002
      severity: Observation
      description: "CS Case mixes evidence and conclusion structure"
      recommendation: "Restructure for next release"

  overall_assessment:
    cs_case_completeness: "Partial — F-001 blocking"
    residual_risk_acceptance: "Acceptable for non-blocking risks"
    tailoring_assessment: "Reasonable"

  recommendation: "REJECT release until F-001 resolved"

  next_assessment: "Upon F-001 resolution"

評估結果可能

CS Case 是 Living Document

Initial CS Case (Release 1.0)
        │
新威脅出現 / 新弱點 / OTA 更新
        │
        ↓
Updated CS Case (Release 1.1)
        │
        ↓
…直至 EoS

證照考點

Related Notes

• 03-Project-Dependent/01-Cybersecurity-Plan
• 03-Project-Dependent/07-Release-for-Post-Development
• 02-Organizational-Management/06-Audit-and-Assessment
• 00-Dashboard/Exam-Traps#Trap 4
• 00-Dashboard/Exam-Traps#Trap 13

Practice

• 03-Project-Dependent/Practice-Project-Mgmt