Conducting Threat Analysis and Risk Assessment (TARA) in a Scaled Agile Framework (SAFe): Challenges During Vehicle Product Lifecycle
2022 (English)Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits
Student thesis
Abstract [en]
Context and Background: As technology becomes increasingly integral to the automotive industry, Original Equipment Manufacturers (OEMs) and suppliers face growing pressure to ensure the safety and security of their vehicle solutions, systems, and services. WP.29, a working party of the United Nations Economic Commission for Europe (UNECE), plays a crucial role in developing and promoting the harmonization of vehicle regulations across countries. WP.29 has established regulations and standards for organizations to adhere to, including the use of the ISO 21434 standard for conducting Threat Analysis and Risk Assessment (TARA) to evaluate security risks associated with their product solutions.
Objectives: This paper examines the challenges faced by agile teams in an automotive organization adopting the Scaled Agile Framework (SAFe) during the conduct of TARA during the product development life cycle of a vehicle.
Method: A qualitative case study approach was utilized in this research, involving semi-structured interviews conducted with agile team members within the automotive organization to gather data from various perspectives. Thematic analysis was used to analyze the data and identify themes and patterns related to the challenges.
Results and conclusion: The conduct of TARA in the automotive industry, particularly within organizations adopting SAFe, presents challenges. The study identified six key themes that capture the challenges faced by agile teams in conducting TARA in the automotive sector, including Documentation and Organizational Challenges, Team Dynamics challenges, Implementation Impediments, Resource Constraints, and Quality Concerns. It is crucial for organizations to consider these challenges and take proactive steps to mitigate them to ensure the successful conduct of TARA.
Place, publisher, year, edition, pages
2022. , p. 36
Keywords [en]
Automotive Cybersecurity, TARA, SAFe, ISO 21434, Challenges
National Category
Software Engineering Computer and Information Sciences
Identifiers
URN: urn:nbn:se:his:diva-23076OAI: oai:DiVA.org:his-23076DiVA, id: diva2:1785820
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 60 ECTS
Supervisors
Examiners
2023-08-042023-08-042024-09-23Bibliographically approved