Asset Identification
Asset identification can be regarded as a two-step procedure:
in step 1, all asset candidates are identified based on the design, and
in step 2, the cybersecurity-relevant assets are defined.
Step 1: Asset candidates
To manage your asset candidates, open the project assets view as described in new TARA Main Table And Views and click the green plus icon in the upper right corner to add a new row.
Add content as needed:
Text fields are provided to assign a Name (mandatory) and Description to your Asset.
Select an Element Category from the drop-down menu as required.
The column Model Element provides a drop-down menu containing all model elements in your project that have the stereotype “Asset” assigned to them.
Your result could look like this:
If you add a total of three Assets, the following situation may result:
Note that at this point the data set created still represents a collection of “Asset candidates”, i.e., they have not yet been added to your project, which is reflected in the upper table still being empty.
Step 2: Cybersecurity assets and damage scenarios
TARA main table - group “Asset Identification”
An asset candidate can be added to the TARA table either by double-clicking in the column Asset Name and selecting it from the drop-down menu, or by dragging and dropping an asset from the project assets view. Any attributes defined for the asset, such as Description and Element Category, are transferred along with the asset name.
To further analyze an asset, add a cybersecurity property by selecting it from the drop-down menu in the corresponding column Cybersecurity Property.
TARA main table - group “Damage Scenario”
To finalize asset identification, you need to identify damage scenarios that might be realized if an asset’s cybersecurity property is compromised. The user-side logic for creating and assigning damage scenarios is analogous to asset handling:
To manage your damage scenarios, open the project damage scenarios view as described in new TARA Main Table And Views and click the green plus icon in the upper right corner to add a new row. Name and Description are once again text fields that accept input after you double-click them. A stakeholder can be selected from the drop-down menu in the column Affected Stakeholder. The impact can be rated in the categories Safety, Financial, Operational, and Privacy, or in any additional category defined in a custom profile. Complete your damage scenario by filling in the columns Justification and Assumptions on Impact as needed.
To assign a damage scenario from the project damage scenarios view to an asset in the TARA table, drag it and drop it anywhere in the asset's row. Alternatively, a damage scenario can be selected from the drop-down menu in the column DS Name.
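A completeness review over the result of steps 1 and 2, as an added example that is not part of the tool or its documentation. The classes, field names and sample values are assumptions that mirror the columns named above; they are not the tool's API or export format.

```python
from dataclasses import dataclass, field

@dataclass
class DamageScenario:            # one row of the project damage scenarios view
    name: str
    stakeholder: str = ""        # column "Affected Stakeholder"
    impact: dict = field(default_factory=dict)    # impact category -> rating

@dataclass
class TaraRow:                   # one row of the TARA main table
    asset: str                   # column "Asset Name"
    cs_property: str = ""        # column "Cybersecurity Property"
    ds_names: list = field(default_factory=list)  # column "DS Name"

def review(candidates, rows, scenarios):
    """Return sorted (finding, subject) pairs for incomplete asset identification."""
    out = set()
    in_table = {r.asset for r in rows}
    known_ds = {s.name for s in scenarios}
    # Step 1 leftovers: candidates that were never pulled into the TARA table.
    out |= {("candidate not in TARA table", c) for c in candidates if c not in in_table}
    for r in rows:
        if r.asset not in candidates:
            out.add(("asset is not a candidate", r.asset))
        if not r.cs_property:
            out.add(("no cybersecurity property", r.asset))
        if not r.ds_names:
            out.add(("no damage scenario", r.asset))
        out |= {("unknown damage scenario", d) for d in r.ds_names if d not in known_ds}
    assigned = {d for r in rows for d in r.ds_names}
    for s in scenarios:
        if s.name not in assigned:
            out.add(("damage scenario not assigned", s.name))
        if not any(s.impact.values()):   # no category has a rating yet
            out.add(("no impact rating", s.name))
    return sorted(out)

# Constructed sample data: names, property values and ratings are illustrative.
CANDIDATES = ["Firmware image", "Diagnostic key", "Speed signal"]
SCENARIOS = [
    DamageScenario("Unintended acceleration", "Road user", {"Safety": "Severe"}),
    DamageScenario("Workshop access lost", "Service partner"),
]
ROWS = [
    TaraRow("Firmware image", "Integrity", ["Unintended acceleration"]),
    TaraRow("Diagnostic key"),
]

if __name__ == "__main__":
    for finding, subject in review(CANDIDATES, ROWS, SCENARIOS):
        print(f"{finding}: {subject}")
```

An empty result means every candidate is in the table with a cybersecurity property and at least one rated, assigned damage scenario.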
The graphic below suggests a possible outcome of step 2: