Accession Number:

AD1016629

Title:

Threat Assessment and Remediation Analysis (TARA)

Descriptive Note:

Technical Report

Corporate Author:

MITRE CORP BEDFORD MA BEDFORD United States

Personal Author(s):

Report Date:

2014-10-01

Pagination or Media Count:

19.0

Abstract:

Threat Assessment and Remediation Analysis TARA is an engineering methodology used to identify and assess cyber vulnerabilities and select countermeasures effective at mitigating those vulnerabilities. TARA is part of a MITRE portfolio of systems security engineering SSE practices that contribute to achievement of mission assurance MA for systems during the acquisition process. The TARA assessment approach can be described as conjoined trade studies, where the first trade identifies and ranks attack vectors based on assessed risk, and the second identifies and selects countermeasures based on assessed utility and cost. Unique aspects of the methodology include use of catalog-stored mitigation mappings that preselect plausible countermeasures for a given range of attack vectors, and use of countermeasure selection strategies that prescribe the application of countermeasures based on level of risk tolerance. This paper outlines the SSE-MA portfolio and describes the TARA methodology.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE