TARA Profile Settings

The TARA Profile Settings are currently under construction and will be available soon.

C-SOX TARA supports customized profiles. To access this feature, navigate to File > Preferences > CSOX Settings.

Outcome: the tab for TARA custom profiles will open. Click as indicated below.

Outcome: the available profiles will display, including the default, ISO 21434, which cannot be edited. To create a new profile, click accordingly.

Outcome: the Create New Profile dialog will open.


Basic Data

Choose a suitable name; a description is optional. As soon as several profiles exist, each of them will be available for use as a template. Select the Aggregate impact checkbox if you want the system to calculate a single impact value. When done, click Create.

Outcome: you will be returned to the profiles overview, which lists your new custom profile. Click the ‘pencil’ icon to edit it.

On the Basic Data screen, we assume that you accept your previous entries and navigate to the Impact Rating screen.


Impact Rating

The screen identifies your current profile and template, as well as your setting for Single Risk Value. The 'X' denotes that the parameter is deselected, meaning that the system will determine individual impact values for each Category.

Each of the categories is accompanied by an 'i' icon.

Clicking any of these will open a prompt in which you can enter a description or edit an existing one.

Each category has tiered ratings associated with it. Their designations can be changed by double-clicking, e.g., to change the name to “null” instead of “none”.

The four predefined categories cannot be deleted. Clicking the ‘plus’ icon, by contrast, will add a new category with an active ‘trash’ icon, indicating that such a category may be deleted.


Attack Feasibility

This screen serves a similar purpose to Impact Rating but has a different structure. Instead of the normative four degrees (Negligible..Severe) used to rate impacts, Attack Feasibility parameters may have various levels.

Select any parameter by checking the appropriate box. Once again, clicking the 'i' icon will bring up a dialog for entering or editing a text description.

In the table provided for each parameter, cell entries can be edited after double-clicking.

A similar approach is available to configure your TARA aggregation table. Whilst the rating names are normative and static, the numerical values can be edited:

It is also possible to switch from the Attack Potential Based Approach to CVSS Exploitability Metrics. CVSS uses different parameters and includes a mapping constant, which can also be edited by the user.


Risk Evaluation

This screen evaluates risks by combining impacts and attack feasibilities. The table shown reflects this method. Each cell value can be defined individually, within the normative 1..5 range.

Switch across impact categories using the drop-down provided.


CAL (Cybersecurity Assurance Level)

The CAL value is also calculated from a matrix, for each threat scenario. Of all damage scenarios associated with a threat scenario, the one with the highest impact is used for the calculation.

Select your attack feasibility using the drop-down supplied.

Edit CAL levels by clicking into any cell.

The number of CAL levels can be incremented or decremented.
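
The following Python example is added here for illustration and is not C-SOX code. It applies the two matrix lookups described under Risk Evaluation and CAL to one threat scenario. The matrix values, the category names Safety and Privacy, the use of 0 for "no CAL" and the sample threat scenario are constructed assumptions, not C-SOX defaults.

```python
IMPACT = ["Negligible", "Moderate", "Major", "Severe"]   # ISO/SAE 21434 impact ratings
FEASIBILITY = ["Very Low", "Low", "Medium", "High"]      # ISO/SAE 21434 feasibility ratings

# Constructed sample profile: one risk matrix per impact category
# (rows = impact, columns = attack feasibility). Not C-SOX default values.
RISK_MATRICES = {
    "Safety":  [[1, 1, 1, 1], [1, 2, 3, 3], [2, 3, 4, 4], [2, 4, 5, 5]],
    "Privacy": [[1, 1, 1, 1], [1, 2, 2, 3], [1, 2, 3, 4], [2, 3, 4, 5]],
}
# Constructed CAL matrix with four levels; 0 is assumed to mean "no CAL".
CAL_MATRIX = [[0, 0, 0, 0], [1, 1, 2, 2], [1, 2, 3, 3], [2, 3, 4, 4]]

def validate_risk_matrix(matrix):
    """Raise ValueError unless the matrix is impact x feasibility with cells in 1..5."""
    if len(matrix) != len(IMPACT) or any(len(row) != len(FEASIBILITY) for row in matrix):
        raise ValueError("need one row per impact and one column per feasibility")
    for row in matrix:
        for cell in row:
            if not isinstance(cell, int) or not 1 <= cell <= 5:
                raise ValueError(f"risk value {cell!r} is outside the 1..5 range")

def lookup(matrix, impact, feasibility):
    """Return the cell selected by an impact rating and a feasibility rating."""
    return matrix[IMPACT.index(impact)][FEASIBILITY.index(feasibility)]

def evaluate(threat, risk_matrices=RISK_MATRICES, cal_matrix=CAL_MATRIX):
    """Return ({damage scenario: risk value}, CAL) for one threat scenario."""
    for matrix in risk_matrices.values():
        validate_risk_matrix(matrix)
    feasibility = threat["feasibility"]
    risks = {
        name: lookup(risk_matrices[category], impact, feasibility)
        for name, (category, impact) in threat["damage_scenarios"].items()
    }
    # CAL uses only the highest impact among the associated damage scenarios.
    worst = max((impact for _, impact in threat["damage_scenarios"].values()),
                key=IMPACT.index)
    return risks, lookup(cal_matrix, worst, feasibility)

# Constructed threat scenario with two damage scenarios (category, impact).
SAMPLE_THREAT = {
    "feasibility": "Medium",
    "damage_scenarios": {"DS-1": ("Safety", "Major"), "DS-2": ("Privacy", "Moderate")},
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_THREAT))
```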


Once the process is complete, your new profile will be available as a template when creating another profile.