How to deal with new vulnerabilities according to ISO21434?

An organization that adheres to the DIS (Draft International Standard) of ISO21434 is expected to continuously monitor cybersecurity information from external and internal sources [RQ-07-01]. Based on that information it decides whether or not to trigger a cybersecurity event, which starts a vulnerability analysis that eventually initiates the corresponding risk treatments. Such sources could be, for example, researchers, suppliers, customers, governments, or simply the results of internal analyses.

When a source yields a piece of information, the gathered information is evaluated against predefined triggers (part of [RQ-05-02]) to decide whether it constitutes a cybersecurity event [WP-07-02]. This step is called triage. A vulnerability analysis shall be performed for each event [RQ-07-04]. The identified vulnerabilities, together with their attack feasibility ratings, are fed into Vulnerability Management (7.6), which initiates the treatment of the resulting risks according to Clauses 8.9, 9 and 10.

Of course, these continuous cybersecurity activities are performed throughout the whole lifecycle of an item or component, including post-production, and possibly outside of any particular development project.

Continuous Cybersecurity Activities

What now?

Want to discuss vulnerabilities according to ISO21434 further? Feel free to contact the itemis SECURE Team. Otherwise, read more of our insights from reading ISO21434.