塞西普演讲.pdf

《塞西普演讲.pdf》由会员分享，可在线阅读，更多相关《塞西普演讲.pdf（15页珍藏版）》请在三个皮匠报告上搜索。

1、Page 1 GlobalPlatform 2025|Confidential SESIP22ndMay 2025Jorge Wallace Ruiz,GlobalPlatform SESIP Committee Automotive Working GroupFrancesca Forestieri,GlobalPlatform Page 2SESIP Certification:How it works and its use in AutomotiveFrancesca Forestieri,Head of AutomotiveGil Bernabeu,CTOPage 32.Emerge

2、nce of Regulations and Standards on CyberSecurity?Why does security certification matter?SAE/ISO 21434 and 24089UN R155/156 AND ISO/SAE 21434 and 24089CN CS Law GB64 Countrieshttps:/ ForumCybercrime and cyber insecurity are new entrants into the Top 10 rankings of the most severe global risks over t

3、he next decade,according to the World Economic Forum.Now taking the 8th spot,cybercrime now stands side-by-side with threats including climate change and involuntary migration.1.World is a scary place?Page 4Implementations of Cybersecurity Management Systems for UNECE 155/156:Compliance is not Seaml

4、essFrequent Rejection of Reports at Type Approval!Unstructured Reporting&GapsInconsistent Vulnerability ContextAbsence of Integration with Existing StandardsLack of AssumptionsRationale for selection of test casesExamples of Common ReasonsPage 5Use lab evidence of certified hardware protected securi

5、ty environments SAE J3101Demonstrate cyber assurance levels,leveraging ISO“transparent”security levels ISO/IEC 15408 defining AVA_VAN vulnerability assurance levelsSESIP Certification from SESIP Certified LabWhat Can Be Done to Increase Evidence of Best Practice Adoption on Security Products?Page 6S

6、ESIP is a standard methodology European CENELC Standard(EN 17927)Work planned for ISOWhat Product Types?Early focus of SESIP has been SoCs Can be applied to higher level componentsHow does it work?Certification requires methodology plus SESIP profile Either defined for a class of product or Vendor s