The module Threat Analysis and Risk Assessment (TARA) meets your security needs according to relevant industry norms such as ISO/SAE 21434 „Road vehicles – Cybersecurity engineering“ as the new industry standard for automotive cybersecurity.
In TARA, security analysis starts with modelling the item or preliminary architecture based on SysML/UML. Identify asset candidates directly in the model and further analyze them by identifying damage scenarios with respect to cybersecurity properties and stakeholders. Allocate threat scenarios to a damage scenario and identify attack paths. Attack paths can be further detailed by defining exact attack steps.
Impact and attack feasibility rating can be done based on pre-defined and /or customized parameters. Rate the attack feasibility by either using an attack potential based approach, CVSS based approach or attack vector. In addition, rating parameters incl. including their levels and mapping tables , as well as risk matrices can be customized and stored to a TARA profile for reuseto use it again. For example, define an individual risk matrix for each impact category.
...