The SOX module threat analysis and risk assessment (TARA) meets your security needs with consideration of relevant standards such as ISO/SAE 21434 „Road vehicles – Cybersecurity engineering“ and guidebooks like SAE J3061 „Cybersecurity Guidebook for Cyber-Physical Vehicle Systems“.

ISO/SAE 21434 is the new industry standard for automotive cybersecurity.

While using the selected method like HEAVENs, STRIDE and EVITA, you are provided with all the necessary parameters to calculate the security level, e.g. choosing the HEAVENs method provides parameters such as STRIDE Threats, Impact Level  (Safety, Financial, Operational, Privacy and Legislation) and Threat Level parameters (Expertise, Knowledge about TOE, Window of Opportunity, Equipment).

Security level as well as safety levels are derivable from the threat analysis and risk assessment which can be connected with safety, security or safety/security relevant requirements in the Requirements module.

Asset/Stride Threat Mapping

Any object in any UML/SysML diagram (e.g., Activity, Sequence, Block Definition and much more) can be declared as Asset and will be automatically connected with the corresponding TARA document.

The corresponding Asset type can be selected (e.g., Data Memory and Data Process) while the possible STRIDE threats and the corresponding Security Attribute will be derived automatically.

Open

Costumer-Specific Method

Threat Level parameters can be adapted when choosing the costumer-specific method as well as their assorted characteristics. Furthermore, an adaptable risk matrix for calculating the security level depending on Threat Level Parameters is provided.

Open

https://enco-software.atlassian.net/wiki/spaces/SUD/pages/2830827523