Goal: Identification of Assets, Damage Scenarios and Estimation of Impact
Based on the Item Definition, which consists of a set of Functions, Components, Data and Data Flows, you can decide on the meaningful assets that you would like to cover as part of your TARA. We consider an asset meaningful when breaking it might lead to damages, either for the road user or the organization. Damages are described using Damage Scenarios in the corresponding chunk. You may create these elements manually as follows. However, we highly recommend using the dedicated Asset Identification Assistant, which is described in the next chapter.
Damage Scenarios can be customized with the depicted editor. You can modify the following properties:
- Name: Short identifier of the Damage Scenario, e.g. DS.1
- Title: Descriptive title of the Damage Scenario, e.g. Headlamp turns off unexpectedly
- Description: Description of the Damage Scenario
- Normal Behavior: Additional description field to cover the expected or normal behavior
- Operational Situation: Additional description field to cover the context of the Damage Scenario
- Concerns: Define a list of qualified assets. A qualified asset consists of a cybersecurity property and a System Element or Function.
- Impact: Capture the impact of the Damage Scenario based on the Impact Categories and Impact Options defined in the active Method Configuration. You may add a rationale for each individual Impact Option decision.
- Threat Scenarios: This is a read-only property that lists the Threat Scenarios that are realizing the Damage Scenario.
The assistant supports creating the Assets and corresponding Damage Scenarios, including rationales, in a structured manner. It can be found in the Assistants folder and will show a list of System Elements and Functions. Each element is paired with the available cybersecurity properties. The following image shows one particular function with some decisions made.
- Availability of OffFunc: This entry has not been processed yet. You may either accept this suggestion or reject it. Accepting it will create a Damage Scenario for you and include the corresponding qualified asset.
- Integrity of OffFunc: This entry shows an accepted suggestion. The name of the created Damage Scenario is shown in brackets (e.g. DS.1). You can reset this suggestion, which removes the corresponding Damage Scenario from your model.
- Confidentiality of OffFunc: In case you rejected a suggestion, it will look as depicted here. The decision will be part of your model and a rationale can be given in the inspector window. This way it is clear that you did not forget about this case but ignored it intentionally for now.
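The accept, reject and reset decisions described above can be modelled as a small coverage check. This is an added example, not the tool's own code or file format. The class, its method names, the fixed three-property list and the rule that a rejection without a rationale counts as an open item are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

# Assumed property set; the page names these three for OffFunc.
PROPERTIES = ("Confidentiality", "Integrity", "Availability")

@dataclass
class AssetIdentification:
    """Hypothetical model of the assistant's decision list (not the tool's API)."""
    elements: list
    decisions: dict = field(default_factory=dict)  # (property, element) -> (state, value)
    scenarios: dict = field(default_factory=dict)  # Damage Scenario name -> qualified asset
    next_id: int = 1

    def _require_undecided(self, key):
        if key in self.decisions:
            raise ValueError(f"{key[0]} of {key[1]} already decided; reset it first")

    def accept(self, prop, element):
        """Accept a suggestion: create a Damage Scenario for the qualified asset."""
        self._require_undecided((prop, element))
        name = f"DS.{self.next_id}"
        self.next_id += 1
        self.scenarios[name] = (prop, element)
        self.decisions[(prop, element)] = ("accepted", name)
        return name

    def reject(self, prop, element, rationale=""):
        """Reject a suggestion; the decision and its rationale stay in the model."""
        self._require_undecided((prop, element))
        self.decisions[(prop, element)] = ("rejected", rationale)

    def reset(self, prop, element):
        """Undo a decision; an accepted one also loses its Damage Scenario."""
        state, value = self.decisions.pop((prop, element))
        if state == "accepted":
            del self.scenarios[value]

    def open_items(self):
        """Pairs a reviewer still has to look at before sign-off."""
        findings = []
        for element, prop in product(self.elements, PROPERTIES):
            state, value = self.decisions.get((prop, element), ("unprocessed", ""))
            if state == "unprocessed":
                findings.append((prop, element, "unprocessed"))
            elif state == "rejected" and not value.strip():
                findings.append((prop, element, "rejected without rationale"))
        return findings

if __name__ == "__main__":
    model = AssetIdentification(["OffFunc"])
    model.accept("Integrity", "OffFunc")
    model.reject("Confidentiality", "OffFunc", "Constructed rationale for the demo")
    print(model.open_items())
```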