Threat Analysis And Risk Assessment (TARA)

Owned by Tino Pförtner
Last updated: Aug 09, 2024
6 min read

Threat Analysis and Risk Assessment (TARA) is a methodology to identify threat scenarios, rate the feasibility of an attack as well as the impact of related damage scenarios, and to assess the risk and residual risk of the identified threat scenarios. According to ISO 21434 the TARA consists of the following steps:

  • Asset identification

  • Description of damage scenarios and impact rating

  • Threat scenario identification

  • Attack path analysis

  • Attack feasibility rating

  • Risk value determination

  • Risk treatment decision

The following sections give a short description of how to create a new TARA document and how to add content.

Working with documents, tables and views

Create a new TARA document

To create a new TARA, right-click your TARA folder, which performance will prompt you to Create new TARA. Acknowledge this prompt by left-clicking it.

Outcome: the Create new TARA dialog will open.

Enter a name unique to your TARA folder (mandatory entry, minimum length five characters); the ISO norm will be pre-selected by the system. When done, click Submit.

Outcome: your new TARA file will be listed as expected. Open the same by double-clicking. As indicated on-screen, the content constitutes an initially empty table structure designed to take input for TARA according to the applicable industry standard ISO 21434.

Organize TARA table and views

TARA main table

Your TARA documents are located in folder TARA associated with your project located in the Project Navigator.

  • Open the folder by clicking the little arrow left to it.

  • Open a TARA document by a single-click.

  • Add or delete a row by clicking on corresponding icons located at top right of the table.

Basically the TARA document provides a main table accompanied with context specific views. Initially the tara table is empty, as you would expect.

TARA element views

In addition to the TARA main table all TARA elements like assets and threat scenarios that exist in the project are listed in an element specific view. You can source these project views from the RM folder.

  • Open any view by a single-click (initially the view is empty).

  • Add or delete a row by clicking on corresponding icons located at top right of the table.

 

You can arrange the TARA table and any views as needed. Just drag a tab and release it. When dragging a tab blue shaded areas indicate where the tab will be located.

As an example the figure shows TARA document “TARA Head Lamp” located on top and several element specific views arranged below it.

The TARA Workflow

Asset Identification

Starting with a system model assets can be defined by assigning the stereotype “Asset” to a model element as described in section Item Definition (System Design) in Security Analysis | Asset Identification. Assets defined based on system model are available in the TARA document and can be selected from a drop down list by double clicking in a cell in column “Model Element” in project view Asset. Add a new row and fill in name and description or select content from drop-down menu.

An asset candidate can be added to TARA table by either double-clicking in column Asset Name and selecting from drop-down menu, or dragging and dropping an asset from project assets view. Any attributes defined for the asset like Description and Element Category will be transferred along with the asset name.

To further analyze an asset add a cybersecurity property by selection from drop-down menu in corresponding column Cybersecurity Property.

Description of damage scenarios and impact rating

To finalize asset identification you need to identify damage scenarios that might be realized in case an asset’s cybersecurity property is compromised. For a detailed description please go to page Identifying Assets And Damage Scenarios | Step 2: Cybersecurity assets and damage scenarios of SOX TARA user guide.

  1. Manage your damage scenarios in corresponding project damage scenarios view. The impact can be rated in categories Safety, Financial, Operational, and Privacy or any additional category defined in a custom profile.

  2. Assign a damage scenario from project damage scenarios view to an asset in TARA table via drag & drop or selection from the drop-down menu in column DS Name.

The next figure suggests a possible outcome:

Threat scenario identification

Each combination of cybersecurity asset and damage scenario can be related to n threat scenarios. For a detailed description please go to page new Identifying Threat ScenariosUNDEFINED of SOX TARA user guide.

  1. Manage your threat scenarios in corresponding project threat scenarios view or use a global threat scenario catalog.

  2. Add a nested table for threat scenarios to a damage scenario via right-click on a row in the master table and select “Add Threat Scenario” from the context menu.

  3. Add a threat scenario from project threat scenarios view via drag & drop or selection from the drop-down menu in column Threat Scenarios.

  4. Alternatively you may add a threat scenario from a global threat scenario catalog to TARA table via drag & drop.

The next figure suggests a possible outcome:

Identifying Attack Paths

Each threat scenario can be related to n attack paths. For a detailed description please go to page https://enco-software.atlassian.net/wiki/pages/createpage.action?spaceKey=SUD&title=new%20Attack%20Path%20Analysis&linkCreation=true&fromPageId=3440592039 of SOX TARA user guide.

  1. Add a nested table for attack paths to a threat scenario via right-click on a threat scenario and select “Add Attack Path” from the context menu.

  2. Fill all columns as needed. AF Rating Approach provides a drop-down menu with three different rating methods.

Next figure shows an example outcome using attack potential approach to calculate the attack feasibility.

The Attack Feasibility is derived from processing the relevant input. Note that the highest value, in this case, “High”, propagates to the Threat Scenario.

Identifying Attack Steps

Each attack path can consist of several attack steps. For a detailed description please go to page Attack Path Analysis | Identifying Attack Steps of SOX TARA user guide.

  1. Add a nested table for attack steps to an attack path via right-click on an attack path and select “Add Attack Step” from the context menu.

  2. Fill all columns as needed.

Attack steps provide a variety of attributes to describe the attack action in more detail, for example attack steps may have a local attack feasibility. Attack steps can also be chained together by defining a preceding step.

Next figure shows an example outcome:

Risk values and risk treatment

Risk Treatment is done for each combination of damage and threat scenario. For a detailed description please go to page Risk Treatment of SOX TARA user guide.

In TARA table open the nested table for threat scenarios of any damage scenario. Right to group Threat Scenario you find the Risk Values group showing the derived risk level for any rated impact category.

  1. Select a risk treatment option.

  2. Depending on risk treatment option define a cybersecurity goal or claim.

  3. Add additional information as needed.

Next figure shows a damage scenario having two threat scenarios of different options:

The Risk Mitigation group replicate across the tables for threat scenarios, attack paths and attack steps. The drop-down lists in columns Requirement and Control provide all entries from corresponding catalogs located in the public folder in catalogs panel.