To counter increasing threats of cyberattacks on automobiles, it is important to practice “secure by design.” For this reason, the regulations and standards that require a risk-based security design are being formulated in the automotive industry. In the concept phase described in ISO/SAE21434:2021, it is necessary to determine cybersecurity controls based on results of the threat analysis (TA) and the risk assessment (RA). On the other hand, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) defines four categories of cybersecurity controls: protection, detection, response, and recovery demand to select cybersecurity controls from these categories. To be able to formulate appropriate cybersecurity control for detection, this article proposes an extension of the threat analysis and risk assessment (TARA) based on Japanese Automotive Standards Organization (JASO) TP15002:2016 to derive candidate monitoring points (MPs) to implement detection functions. We also present evaluation metrics for the MPs derived by our proposed method and discuss future research directions.