Risk Assessment for Cybersecurity

From Components to Single Systems to Final Products and Full-vehicles
  • Rapid implementation with Security-by-Design

  • Support of reliable Lifecycle Management

  • Customizable ISO 21434 driven reports

Our Customers & Partners

  • ASRG
  • Block Harbor
  • BOSCH
  • Bosch Siemens Hausgeräte GmbH
  • CARIAD
  • Continental
  • Hella
  • Kostal

Analyze your risk with YAKINDU Security Analyst

YAKINDU Security Analyst allows you to manage the complexity of all cybersecurity risks related to your product development. It supports your Threat Analysis and Risk Assessment (TARA) throughout the entire lifecycle of the vehicle in full compliance with ISO 21434 (or ISO/SAE 21434) and UNECE R155.

Request a meeting now

ISO 21434 : Cybersecurity with YAKINDU Security Analyst

Benefits at a Glance

  • Rapid Implementation with Security-by-Design

    Design systems first-time right with a model-based security-by-design approach and generate simple to understand attack trees and sequence diagrams with real-time validation.

  • Support of Reliable Lifecycle Management

    Analyze threat scenarios and attack paths with automated calculation of risk levels throughout the entire lifecycle of the vehicle to react faster to upcoming and changing threats.

  • Customizable ISO/SAE 21434 Driven Reports

    Generate standardized and audit-proof documentation of assessment models and action plans at enterprise or project level.

  • Efficient Synchronization with Reference Systems

    Synchronization and re-use of existing architectural elements or requirements across different projects to avoid duplication of models.

  • Easy Integration into various Tool and Process Landscapes

    Extensive import and export functionalities enable the exchange of data between various tools within an organization or with other entities along the value chain via openXSAM or custom tailored formats.

  • Flexible Collaboration Options between Organizations

    “One Truth” through architecture-based modeling with role-specific views for the requirements of analysts, architects or security experts to enable collaboration in interdisciplinary organizations with functional interdependencies.

  • Model-Based Approach for Fast and Reliable Results

    The model-based approach ensures validity and makes the tool less error-prone when maintaining large models and points out the interdependencies between hundreds of assets and elements.

Do you need any info about YAKINDU Security Analyst?

Let us talk about your project

itemis realize cybersecurity in an easy way

Realize cybersecurity in an easy and reliable way

Analyzing and managing the cybersecurity risks of connected systems is essential for the development of secure systems. Our tool assists you in:

  • Identifying and specifying security requirements and objectives
  • Defining adequate security measures
  • Verifying necessary security features

Implementing effective and comprehensive risk solutions is crucial for automotive companies operating internationally.

By 2024, all road vehicles (by July 2022 for new vehicles) will be required to meet UNECE R155 and ISO 21434 standards in order to receive type approval.

OEMs and Tier-n suppliers that do not meet these standards will be barred from the European, Korean and Japanese markets. Adopting a certified Cybersecurity Management System (CSMS) and conducting Threat Analysis and Risk Assessments (TARAs) throughout the product life cycle and along the entire supply chain is mandatory for meeting these requirements.

Our YAKINDU Security Analyst enables you to realize this in an easy and reliable way.

Submit your questions

Additional Products & Services

With YAKINDU Statechart Tools, you can easily create complex systems in a visual way. Simulate and test your system’s behavior already while you are modeling. Code generators translate your state machine into high-quality source code for different target platforms.

Model your code

YAKINDU Traceability is a professional requirements traceability management tool. It adapts to your usual development tools and creates a homogeneous traceability graph, without interfering with your established workflows.

Track your requirements

FotaHub is a universal cloud-based firmware over-the-air (FOTA) update service. It enables you to dramatically cut down effort, time and cost to get your IoT devices ready and evolve them over the whole product lifetime.

Firmware over-the-air 

Benefit from the support of industry experts to find efficient solutions without having to make any diversions.

Work with industry experts

Develop more efficiently, increase quality, and streamline your processes end-to-end.

Perfect tool support

  • YAKINDU Statechart Tools reduce the time required to create and maintain state machines.

    Dr. Christopher Braun, Former PO for GUI SW-Framework and home applianceconnectivity, BSH Hausgeräte GmbH
    BSH Haushaltsgeräte GmbH use Statechart Tools
  • We all know analyzing risk over time will be the next biggest industry challenge. No longer will excel tables, MS access databases or custom-made tools be able to handle the task. We need a way to continuously manage, track and update risk assessments (TARA, etc.) to ensure product security over its entire life. Security Analyst allows for complex and dynamic risk models and simulations which allow us to evaluate risk faster and more transparent than other market tools.

    John Heldreth, Founder, ASRG
    ASTG Partner of itemis

Contact us

Please complete the form below to be contacted by an Itemis representative.

Book an appointment with one of our cybersecurity experts to learn more.

Frequently Asked Questions

The amount of electronic systems in cars is constantly increasing due to market demands. With the increasing complexity of new electronic driver assistance and infotainment systems, cars are not only becoming more comfortable and safer, but also more threatened by cyberattacks. The connected car and its components need to be secure throughout its entire lifecycle. To cope with this challenge, it is essential to continuously find out if, where, and how the car is vulnerable, what damage is associated with the threat, and how the impact of the threat will be managed. Otherwise, there are serious risks in the form of financial losses, legal consequences or loss of reputation. For this reason, the cybersecurity regulation ISO 21434 was implemented. It aims to establish a “cybersecurity by design” framework for the entire lifecycle of road vehicles.

One of the key elements of the recently published cybersecurity standard ISO 21434 is the performance of a Threat Analysis and Risk Assessment (TARA), which is the major part of identifying cybersecurity goals. In the best case, the method scales with the status of the development process, so a secure system design is possible right from the start (Security by Design), but it can also be applied for existing systems. This risk assessment method describes different identification and analysis activities throughout the development phases in the lifecycle: from asset identification over threat scenario identification, impact rating, attack path analysis, attack feasibility rating, risk value determination to risk treatment decision.

The purpose of ISO 21434 is to ensure that OEMs and all participants in the supply chain have structured processes in place that support a “Security by Design” process. Especially in the highly dynamic security environment, new vulnerabilities are discovered on a daily basis. These threats must be adequately addressed with updates and new countermeasures to ensure continued security. A model-based approach to safety risk analysis is therefore not only beneficial in the design phase of a vehicle model or component, but crucial and forms the basis for continuous safety risk assessment throughout the vehicle's lifetime.

R 155 has a very far-reaching definition of the period in which the provision of updates for vehicles is mandatory. Security updates need to be provided in all phases of the product lifecycle: during the development and production phase and also throughout the entire operating period, until the car is ultimately no longer active in traffic. To guarantee cybersecurity over this long period of time and to keep your TARAs up to date, it is important to use a flexible solution that adapts to constantly changing conditions, especially when new threats arise. A suitable cybersecurity solution is necessary for this without any doubt.

Spreadsheets are quite often a great support for work, but not really suitable to model TARAs to meet upcoming cybersecurity regulations. We have already explained how a specified solution can help. Nevertheless, here are three compelling arguments against spreadsheets: First, they can not be customized to fulfill ISO 21434 regulation requirements out of the box, thus lacking industry standards. Secondly, spreadsheets don’t run on a model based environment, so the correct referencing of input and changes in the project is not ensured. And last but not least, your TARAs will have to be updated over time and this will bring up problems in the future referencing, particularly when new threats emerge.