 |
Work Item Reference | ETSI Doc. Number |
STF | Technical Body in Charge |
Download Standard
|
||
| DTR/CYBER-0094 | TR 103 935 | CYBER | |||||
| Current Status (Click to View Full Schedule) |
Latest Version |
Cover Date | Standstill | Creation Date | |||
|
|
1.1.1 | 2023-12-04 | View Standstill Information | 2022-09-20 | |||
| Rapporteur | Technical Officer | Harmonised Standard | |||||
Meinhard Bohlen
|
Laure Pourcin
|
No | |||||
| Title |
Cyber Security (CYBER); Assessment of cyber risk based on products’ properties to support market placement Assessment of cyber risk based on products’ properties to support market placement |
||||||
|
Scope and Field of Application |
Industry sectors have addressed the assessment of cyber risks, particularly as regards software, in a largely silo manner. On the other hand, recently introduced – and even upcoming – legislation mandates a horizontal treatment of cyber risks that spans multiple industry sectors. And where such legislation holds for the placement of products and services in the EU Single Market, stringent requirements apply. Given that risk assessment is predominantly informed by the context in which products and services operate, the (re)use of sectorial risk assessments (e.g. consumer, industrial, medical, etc.) in the development of technical standards supportive to such horizontal legislations has been a complex and arduous exercise. Particularly so when it comes to subjective factors – inherent in any risk assessment – that should be kept under control. Currently, this is largely an open issue for the industry. Hence there is a need for an “adapter” concept (e.g. an approach, method, guidance, practice, or other suitable formalism) that facilitates reuse of the investment made by different industry sectors in the assessment of risk, while providing a uniform “interface” fit for the conformance assessment requirements and other legal concerns of such horizontal legislations. Such a unified “adapter” is currently lacking. This WI shall address this gap and analyse the areas where subjective factors play a role (and thus should be handled diligently) in this context. Moreover, it shall introduce the challenges that accompany the assessment of software-related risks in the context of market placement and present essential principles to inform the risk assessment of products based on their properties. Finally, a method to constrain and control subjectivity based on these principles and developed to address the challenges of said risk assessments shall be presented. | ||||||
|
Supporting Organizations |
HAGER GROUP, A.S.P., Schneider Electric Industries, HUAWEI TECH. GmbH, LEGRAND FRANCE | ||||||
