Threat Assessment and Remediation Analysis (TARA)
MITRE CORP BEDFORD MA BEDFORD United States
Pagination or Media Count:
Threat Assessment and Remediation Analysis TARA is an engineering methodology used to identify and assess cyber vulnerabilities and select countermeasures effective at mitigating those vulnerabilities. TARA is part of a MITRE portfolio of systems security engineering SSE practices that contribute to achievement of mission assurance MA for systems during the acquisition process. The TARA assessment approach can be described as conjoined trade studies, where the first trade identifies and ranks attack vectors based on assessed risk, and the second identifies and selects countermeasures based on assessed utility and cost. Unique aspects of the methodology include use of catalog-stored mitigation mappings that preselect plausible countermeasures for a given range of attack vectors, and use of countermeasure selection strategies that prescribe the application of countermeasures based on level of risk tolerance. This paper outlines the SSE-MA portfolio and describes the TARA methodology.
- Computer Systems Management and Standards