Terms and Abbreviations

Question 1

Architectural Design

Answer 1

Representation that allows for identification of components, their boundaries, interfaces and interactions

Question 2

Asset

Answer 2

Object that has value, or contributes to value
Has one more CS properties whose compromise can lead to one or more damage scenarios

Question 3

Attack Feasibility

Answer 3

Attribute of an attack path describing the ease of successfully carrying out the corresponding set of actions

Question 4

Attack Path

Answer 4

Set of deliberate actions to realise a threat scenario

Question 5

Attacker

Answer 5

Person, group or org that carries out an attack path

Question 6

Audit

Answer 6

Examination of a process to determine the extent to which the process objectives are achieved

Question 7

Component

Answer 7

Part that is logically and technically separable

Question 8

Customer

Answer 8

Person or org that receives a service or product

Question 9

Cybersecurity aka Road Vehicle CS

Answer 9

Condition in which assets are sufficiently protected against threat scenarios to items of road vehicles, their functions and electrical or electronic components

Question 10

CS Assessment

Answer 10

Judgement of CS

Question 11

CS Case

Answer 11

Structured argument supported by evidence to state that risks are not unreasonable

Question 12

CS Claim

Answer 12

Statement about a risk.
Justification for retaining or sharing risk.

Question 13

CS Concept

Answer 13

CS requirements of an item and requirements on its operational environment with associated information on the CS controls

Question 14

CS Control

Answer 14

Measure that is modifying the risk

Question 15

CS Event

Answer 15

CS information that is relevant for an item or component

Question 16

CS Goal

Answer 16

Concept-level CS requirement associated with one or more threat scenarios

Question 17

CS Incident

Answer 17

Situation in the field that can involve vulnerability exploitation

Question 18

CS Information

Answer 18

Information with regard to cybersecurity for which relevance is not yet determined

Question 19

CS Interface Agreement

Answer 19

Agreement between customer and supplier concerning distributed CS activities

Question 20

CS Property

Answer 20

Attribute that can be worth protecting

Question 21

CS Spec

Answer 21

CS requirements and corresponding architectural design

Question 22

Damage Scenario

Answer 22

Adverse consequences involving a vehicle or vehicle function and affecting a road user

Question 23

Distributed CS Activities

Answer 23

CS activities for the item or component whose responsibilities are distributed between customer and supplier

Question 24

Impact

Answer 24

Estimate of magnitude of damage or physical harm from a damage scenario

Question 25

Item

Answer 25

Component or set of components that implements a function at the vehicle level

Question 26

Operational Environment

Answer 26

Context considering interactions in operational use Operational use of item or a component can include use in a vehicle function, in production and/or in service and repair

Question 27

Out-of-Context

Answer 27

Not developed in the context of a specific item

Question 28

Penetration Testing

Answer 28

Cybersecurity testing in which real-world attacks are mimicked to identify wats to compromise CS goals

Question 29

Risk Cybersecurity Risk

Answer 29

Effect of uncertainty on Road Vehicle CS expressed in terms of attack feasibility and impact

Question 30

Risk Management

Answer 30

Coordinated activities to direct and control an organization with regard to risk

Question 31

Tailor

Answer 31

To omit or perform an activity in a different manner compared to its description in this document

Question 32

Threat Scenario

Answer 32

Potential cause of compromise of CS properties of one or more assets in order to realise a damage scenario

Question 33

Triage

Answer 33

Analysis to determine the relevance of CS information to an item or component

Question 34

Trigger

Answer 34

Criterion for triage

Question 35

Validation

Answer 35

Confirmation, through the provision of objective evidence, that the CS goals of the item are adequate and are achieved

Question 36

Verification

Answer 36

Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled

Question 37

Vulnerability

Answer 37

Weakness that can be exploited as part of an attack path

Question 38

Vulnerability Analysis

Answer 38

Systematic identification and evaluation of vulnerabilities

Question 39

Weakness

Answer 39

Defect or characteristic that can lead to undesirable behaviour