Browse Learn WB1742

Performing a Cybersecurity Threat Analysis and Risk Assessment WB1742

SAE J3061 sets out a recommended cybersecurity engineering process framework for organizations developing cyber physical systems. One of the recommendations of this framework is to carry out a threat analysis and risk assessment early in the product development. A threat analysis identifies and models the relevant threats against assets, and a risk assessment classifies the impact and likelihood associated with each threat. The approach enables the prioritization of risks and appropriate risk treatment measures to be determined in subsequent development phases.

This live, online course, delivered in three, two-hour sessions, provides participants with the knowledge of appropriate methods to carry out threat analysis and risk assessment for the development of a typical vehicle feature.

Learning Objectives
By participating in this web seminar, you will be able to:
  • Identify relevant threats
  • Carry out threat modelling
  • Create attack tree analyses
  • Develop risk assessment
  • Determine Cybersecurity Assurance Levels and Security Goals

Who Should Attend
To get full benefit from the course, participants should have prior knowledge and experience of J3061; Participation in Keys to Creating a Cybersecurity Process from the J3061 Framework, (ID# WB1604) or equivalent training/experience is strongly recommended.

Session 1
  • Introduction
  • Threat Analysis
    • Threat identification
    • Threat modeling
    • Attack trees
    • Exercise 1: Threat Analysis
Session 2
  • Risk Assessment
    • Severity classification
    • Likelihood classification
    • Exercise 2: Risk Assessment
Session 3
  • Assurance Levels and Cybersecurity Goals
    • Determining the assurance level
    • Developing cybersecurity goals
  • Worked Example: Cybersecurity Goals
  • Summary
Registration Information
Registration for this live web seminar is available on a per-person basis, similar to purchasing a seat in a classroom. Participants attend an online session from work or home; anywhere with a PC with internet access and a telephone. The fee includes one connection to the conference calls (toll free telephone number provided for U.S. and select countries*) and assigned personal ID number; one connection to SAE's online training center (via WebEx); and access to a secure course in the SAE Learning Center that contains the presentations, supplemental materials, and assignments.

Registrations will be accepted until 5:00 p.m. the day before the start of the web seminar, but early registration is encouraged to allow for pre-course set-up and instructions.

*Global toll-free telephone numbers are provided for many countries outside the U.S., but are limited to those on the WebEx call-in toll-free number list. Check here to see if your country has a global call-in toll free telephone number for this web seminar. If your country is not listed, you may still connect using the US/Canada Call-in toll number or Voice over Internet Protocol (VoIP).

Although WebEx Training Manager will automatically launch when you join the web seminar, you or your system administrator are encouraged to download the plug-in in advance to help ensure successful setup. Click here, then follow the onscreen instructions.

Multiple Seat Discount - 50% off more than one!

  1. If you participated in the SAE Keys to Creating a Cybersecurity Process from the J3061 Framework web seminar within one year prior to the start date of this course and paid full list or member price, you may request a 50% discount off the list price of this web seminar.


  2. Register one individual at the appropriate list or member price, then register as many additional employees at half off the list price. To receive the discount, register all individuals at the same time or mention the confirmation number for the first registrant. The offer is good for only the same web seminar and offering dates. All registrants will receive a personal account and opportunity for CEUs.

Discount applies to web seminar(s) of equal or lesser list fee. Registration by phone with SAE Customer Service is required to take advantage of these discounts.

If you cannot attend, you may register a substitute in your place or transfer your registration to a future offering. A full refund is issued if you notify SAE at least 14 days prior to web seminar start date. If canceled less than 14 days prior, the full fee is charged. For $50, you may process a one-time transfer to a future offering within one year of canceled web seminar. Canceling may reduce group discounts. To cancel, transfer or send a substitute, call SAE Customer Service at 1-877-606-7323 (US & Canada only) or 1-724-776-4970.

David Ward and Paul Wooderson

David WardDr. David Ward is Senior Technical Manager, Functional Safety at HORIBA MIRA. In this role, he provides leadership in development and independent assessment of automotive electronic system safety, reliability and cybersecurity. Since joining HORIBA MIRA in the 1990s, Dr. Ward has been instrumental in industry activities to develop standards and guidance for automotive functional safety, beginning with the pioneering MISRA 'Guidelines for Development of Vehicle Based Software' in 1994 and more recently as the UK Principal Expert to ISO/TC22/SC32/WG8 'Road Vehicles - Functional Safety', which develops ISO 26262. Dr. Ward is an active contributor to the automotive industry's first standard for cybersecurity SAE J3061. In recognition of his contribution to standardization in functional safety, he was awarded the Institute of Mechanical Engineers Award for Risk Reduction in 2013. Dr. Ward holds an MA degree in Natural Science from the University of Cambridge, a Ph.D. in Electrical Engineering from the University of Nottingham, UK and holds appointments as a Visiting Professor in Functional Safety at Coventry University, UK and in Engineering Design at the University of Leicester, UK.

Paul WoodersonPaul Wooderson, MEng CEng MIET, is Senior Functional Safety/Cyber Security Engineer at HORIBA MIRA Ltd, currently responsible for cybersecurity research and development. He is a Chartered Engineer with 16 years' experience in embedded systems security in the automotive and smartcard domains. Paul's experience includes threat analysis and risk assessment, security evaluation of cryptographic hardware and software, secure design techniques and security certification. Paul is a UK Expert to the ISO/SAE joint working group developing the international standard ISO/SAE AWI 21434 'Road Vehicles - Cybersecurity Engineering', and is also a member of the SAE Task Forces on Vehicle Electrical Hardware Security and Cybersecurity Assurance Testing.

Fees: $550.00
SAE Members: $440.00 - $495.00

.6 CEUs
You must complete all course contact hours and successfully pass the learning assessment to obtain CEUs.

If paying by a credit card, click the Register button above. If paying by any other method or for general inquiries, please contact SAE Customer Service 1-877-606-7323 (724-776-4970 outside the U.S. and Canada) or at

Duration: 6 Hours
December 9-13, 2019 (3 Sessions) - Live Online
  • Session 1 - December 9 (10:30 a.m. - 12:30 p.m. ET)
  • Session 2 - December 11 (10:30 a.m. - 12:30 p.m. ET)
  • Session 3 - December 13 (10:30 a.m. - 12:30 p.m. ET)
  • X