Actions

Threat Agent Risk Assessment (TARA)

Revision as of 16:58, 20 March 2020 by User (talk | contribs)

The Threat Agent Risk Assessment (TARA) is a threat-based methodology to help identify, assess, prioritize, and control cybersecurity risks. It is a practical method to determine the most critical exposures while taking into consideration mitigation controls and accepted levels of risk. It is intended to augment formal risk methodologies to include important aspects of attackers, resulting in a much improved picture of risk.[1]


Threat Agent Risk Assessment (TARA)
source: Intel


The TARA Process in Detail To find the critical areas of exposure, the TARA methodology uses six steps. 1. Measure current threat agent: regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a baseline for future TARA exercises. 2. Distinguish threat agents that exceed baseline acceptable risks: measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient. At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified. 3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities. Using the MOL, we derive the primary motivations and objectives of those threat agents identified in steps 1 and 2. Motivations are important because they underpin action, and they contribute to factors such as the attacker’s commitment, the point at which attacker will cease pursuit, and the attacker’s susceptibility to targets of opportunity. Table 2 lists some examples of threat agent objectives. 4. Identify methods likely to manifest. Again using the MOL, we identify the likely methods by which an attack may occur. TARA defines a method as a combination of threat agent objectives and threat agent operating methods. TARA identifies the type of impact we could expect based on motivations and objectives. 5. Determine the most important collective exposures. Using the CEL, the methodology first finds attack vectors, which are vulnerabilities without controls. Then, the intersection of the methods determined in step 4 and the attack vectors define likely exposures. Finally,

  1. Definition - What Does Threat Agent Risk Assessment (TARA) Mean? Matthew Rosenquist, Timothy Casey