Threat Analysis and Risk Assessment (TARA)
FESCARO TARA service helps you identify possible security threats, conduct a systematic security assessment of how vulnerable your target system can be due to those security threats, and derive security objectives and security requirements that are the basis for security tests and implementing security features.
FESCARO TARA service is effective in identifying possible security threats within a limited resource (schedule and budget) and when prioritization of security threats is required.
- TOE / Functional Use Cases (UC) are entered into the Threat Analysis process.
- Threat Analysis process outputs two results.
- Assets and threats to each asset on the UC side (Out_01)
- Security attributes affected by each asset threat (Out_02)
- Threats (Out_01), threat levels (TL), and impact levels (IL) are entered into the Risk Assessment process.
- Risk Assessment process outputs a security level (Out_03) for each asset in the TOE / UC.
- Risk Assessment process can determine priorities based on the assessment of the risks per identified threat.
- Security properties (Out_02) and the security level (Out_03) are entered into the Security Requirements process.
- Security Requirements process outputs a high level of security requirements (Out_04).
- Security Requirements process formulates cybersecurity requirements for assets and TOEs to derive software and hardware cybersecurity requirements based on those security requirements during product development.