Please refer to the image below, which shows the high-level TARA workflow that reflects the ISO 21434 regulation. The Item Definition is a precondition of a TARA. It is followed by the Asset Identification, which is associated with the Security Properties, which in turn lead to the Impact Rating. The workflow proceeds with the Threat Analysis, which evaluates the probability of the potential Attack Steps as well as the likelihood of achieving them.

In addition, you can analyze the conceivable risks related to your Item Definition and decide whether they are acceptable; if not, appropriate countermeasures have to be applied in order to mitigate the identified risk. We call them Controls. Once you have modelled your TARA end-to-end, you will be able to evaluate the Impact and the Attack Feasibility, which result in an overall Risk Level.
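
The chain from Impact and Attack Feasibility to a Risk Level, and the effect of a Control on it, can be modelled as follows. This is an added Python example, not code from the tool or from ISO 21434. The numeric scales, the min/max aggregation over Attack Steps, the product risk function, the acceptance threshold, the one-level effect of a Control and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed ordinal scales (1 = lowest); the page names the concepts, not the scales.
IMPACT = {"negligible": 1, "moderate": 2, "major": 3, "severe": 4}
FEASIBILITY = {"very low": 1, "low": 2, "medium": 3, "high": 4}

@dataclass
class AttackStep:
    name: str
    feasibility: str
    controls: list = field(default_factory=list)  # names of applied Controls

    def rating(self):
        # Assumption: each applied Control lowers feasibility by one level.
        return max(1, FEASIBILITY[self.feasibility] - len(self.controls))

@dataclass
class Threat:
    name: str
    asset: str
    security_property: str
    impact: str
    paths: list  # alternative attack paths, each a list of AttackStep

    def attack_feasibility(self):
        # A path is only as feasible as its hardest step; the overall
        # rating is that of the easiest path.
        return max(min(s.rating() for s in p) for p in self.paths)

    def risk_level(self):
        # Assumed risk function: product of the two ratings (1..16).
        return IMPACT[self.impact] * self.attack_feasibility()

def needs_control(threat, acceptable=4):
    """Risk decision: True if the risk exceeds the (assumed) acceptance threshold."""
    return threat.risk_level() > acceptable

def example_threat():
    # Constructed sample data for a hypothetical ECU item.
    local = [AttackStep("Reach diagnostic interface", "high"),
             AttackStep("Pass update authentication", "medium")]
    remote = [AttackStep("Reach in-vehicle network remotely", "low"),
              AttackStep("Send update request", "high")]
    return Threat("Tampered firmware is installed", "ECU firmware",
                  "Integrity", "severe", [local, remote])

if __name__ == "__main__":
    t = example_threat()
    print(t.risk_level(), needs_control(t))
    t.paths[0][1].controls.append("Signed firmware images")
    print(t.risk_level(), needs_control(t))
```

In this sample the Control lowers the Risk Level but leaves it above the threshold, because the second path is unaffected; the residual risk still calls for a decision.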