
Cybersecurity Development

The objective of Cybersecurity Product Development is to discover all cybersecurity weaknesses during the development of the product and to eliminate vulnerabilities.

Quma provides development teams with a clear and intuitive approach centered around work products. The process and terminology are shaped by best practices based on the cybersecurity regulations, industry standards and years of experience.

Cybersecurity Plan

The Cybersecurity Plan describes how the achievement of cybersecurity of the product is planned within the respective development project.

Item Definition

The Item Definition describes the product under development technically, as well as its purpose, environment and boundaries.

TARA

The Threat Analysis and Risk Assessment is the methodical approach to identify cybersecurity threats and rate their risks. It provides the basis for the argument for further mitigation measures.

Cybersecurity Concept

The Cybersecurity Concept provides the specification of mitigation measures for high-threat risks, the so-called cybersecurity controls.

Verification

The Cybersecurity Verification describes and documents test cases, analyses, and inspections and traces the results back to the controls.

Validation

The Validation provides evidence of the achievement of the cybersecurity goals and claims, independent of the cybersecurity controls. This is usually done via penetration testing.

CIA

The Cybersecurity Interface Agreement (CIA) documents the aligned responsibilities for cybersecurity activities between the supplier and the customer in a joint development.

Cybersecurity Case

The Cybersecurity Case provides the argument for cybersecurity for the developed product and a version-controlled baseline of all development evidence.

Post-Development Requirements

It is important to specify the post-development requirements already during the development phase, when the development team is still available. This includes requirements towards production, service, changes, monitoring and decommissioning.

Assessment

The Cybersecurity Assessment is conducted by an independent assessor and considers the technical cybersecurity just as much as the compliance with the organization's Cybersecurity Management System.

Release for Post-Development

The Cybersecurity Release for Post-Development ensures that all requirements regarding post-development cybersecurity activities have either been met or are planned and responsibilities are assigned.

Qumasoft

Better automotive cybersecurity, but at half the cost and in half the time.
