For the risk assessment as such, it is important to proceed systematically. In this process, possible damage scenarios should be derived in a structured manner, which can arise if security properties, i.e. properties of the assets in the system, are violated. It is also important to identify which threat scenarios exist and which attack paths can lead to these threats being implemented for threat scenarios where the risk cannot be accepted or treated otherwise. This corresponds to the procedure of the classical risk treatment, in order to determine which risks I can accept, where I can possibly transfer risks and, very strongly, of course, the question of safety-related risks, i.e. how can I prevent the damage from occurring at this point, namely by introducing additional security measures. Of course, there is always the possibility of avoiding a risk, for example by not implementing a particular vehicle function if you cannot get it safely. ISO/SAE 21434 specifies the framework for how the whole and which cornerstones exist for the risk analysis method.