The module Threat Analysis and Risk Assessment (TARA) meets your security needs according to relevant industry norms such as ISO/SAE 21434 „Road vehicles – Cybersecurity engineering“ as the new industry standard for automotive cybersecurity.
In TARA security analysis starts with modelling the item or preliminary architecture based on SysML/UML. Identify asset candidates directly in the model and further analyze them by identifying damage scenarios with respect to cybersecurity properties and stakeholders. Allocate threat scenarios to a damage scenario and identify attack paths. Attack paths can be further detailed by defining exact attack steps.
Impact and attack feasibility rating can be done based on pre-defined and /or customized parameters. Rate the attack feasibility by either using an attack potential based approach, CVSS based approach or attack vector. In addition, rating parameters incl. their levels and mapping tables, as well as risk matrices can be customized and stored to a TARA profile for reuse. For example, define an individual risk matrix for each impact category.
Finally, decide on risk treatment and define cybersecurity goals or claims. You may add requirements and cybersecurity controls to define your security concept.
TARA Step-by-Step Guide (ISO/SAE 21434)