Versions Compared

Version Old Version 2 New Version Current
Changes made by

Tino Pförtner

Tino Pförtner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Asset Identification

Asset identification can be regarded as a two-step-procedure, where

...

in step 1, all asset candidates are identified based on the design, and

...

Table of Contents
maxLevel6
minLevel1
include
outlinefalse
indent
exclude
styledefault
typelist
printabletrue
class

Asset Identification

Step 1: Asset

...

Candidates

To manage your asset candidates open the project assets view as described in
new TARA Main Table And Views and click the green plus icon at upper right corner to add a new row.

...

, open a global asset catalog in the Catalogs View or create a new Assets Catalog if you want your assets to be available thoughout your SOX respository.

...

If you want to define project-specific asstes, you can use the Assets Catalog in your TARA → Project Catalogs folder

...

Add content as needed:

  • Text fields are provided to assign a Name(mandatory) and Description to your Asset.

  • Select an Element Category from the drop-down menu as required.

  • The column Model Element provides a drop-down menu containing all model elements in your project that have the stereotype “Asset” assigned to them.

Your result could look like this:

...

On the premise that you elect to add a total of three Assets, the following situation may result:

...

  • The column Vulnerability provides a drop-down menu containing all model elements in your project that have the stereotype “Vunerability” assigned to them. You can also find the Vulnerability catalog in the catalog view grafik-20240828-064951.pngImage Added under Public → TARA Catalogs

...

Step 2: Cybersecurity

...

Assets and

...

Damage Scenarios

TARA main table - group “Asset Identification”

An asset candidate can be added to TARA table by either double-clicking in column Asset Name and selecting from drop-down menu, or dragging-and-dropping an asset from project assets viewthe global Asset Catalog or the Project Catalog. Assets added from the Global Catalog will result in a copy in the Project Catalog. Any attributes defined for the asset like Description and Element Category will be transferred along with the asset name.

...

To further analyze an asset, add a cybersecurity property by via selection from the drop-down menu in corresponding the column Cybersecurity Property.

...

To finalize asset identification, you need to identify damage scenarios that might be realized in case an asset’s cybersecurity property is compromised. The user-side logic for creating and assigning damage scenarios is quite analogous to asset handling:

To manage your damage scenarios, open the project damage scenarios view as described in
new TARA Main Table And Views Damage Scenarios in the Project Catalogs or the Global TARA Catalogs folder and click the green plus icon at upper right corner grafik-20240827-053602.pngImage Added - icon to add a new row.

...

Name and Description are once again text fields which will take input after double-clicking them. A stakeholder can be selected from drop-down in column Affected Stakeholder. The impact can be rated in the categories Safety, Financial, Operational, and Privacy or any additional category defined in a custom profile. Complete your damage scenario by filling in text in columns Justification and Assumptions on Impact as needed.

To assign a damage scenario from project damage scenarios view the Project- or Global Damage Scenarios to an asset in TARA table , drag it -and-drop it anywhere in a row. Alternatively a damage scenario can be selected from the drop-down menu in the column DS Name.

...

The graphic below suggests a possible outcome of step 2:

...

Selecting a Damage Scenario from a Global Catalog will create a copy in the respective Project Catalog.

...