TARA - Threat Analysis and Risk Assessment
The SOX module threat analysis and risk assessment (TARA) meets your security needs with consideration of relevant standards such as ISO/SAE 21434 „Road vehicles – Cybersecurity engineering“ and guidebooks like SAE J3061 „Cybersecurity Guidebook for Cyber-Physical Vehicle Systems“.
The ISO/SAE 21434 is the new standard for automotive cybersecurity.
While using the selected method like HEAVENs, STRIDE and EVITA, you are provided with all the necessary parameters to calculate the security level, e.g. choosing the HEAVENs method provides parameters such as STRIDE Threats, Impact Level (Safety, Financial, Operational, Privacy and Legislation) and Threat Level parameters (Expertise, Knowledge about TOE, Window of Opportunity, Equipment).
Security level as well as safety levels are derivable from the threat analysis and risk assessment which can be connected with safety, security or safety/security relevant requirements in the Requirements module.
Asset/Stride Threat Mapping
Any object in any UML/SysML diagram (e.g. Activity, Sequence, Block Definition and much more) can be declared as Asset and will be automatically connected with the corresponding TARA document.
The corresponding Asset type can be selected (e.g. Data Memory and Data Process) while the possible STRIDE threats and the corresponding Security Attribute will be derived automatically.
Threat Level parameters can be adapted when choosing the costumer-specific method as well as their assorted characteristics. Furthermore, an adaptable risk matrix for calculating the security level depending on Threat Level Parameters is provided.