View The Document

Accession Number:

AD1016629

Title:

Threat Assessment and Remediation Analysis (TARA)

Personal Author(s):

Wynn,Jackson

Corporate Author:

MITRE CORP BEDFORD MA BEDFORD United States

Report Date:

2014-10-01

Abstract:

Threat Assessment and Remediation Analysis TARA is an engineering methodology used to identify and assess cyber vulnerabilities and select countermeasures effective at mitigating those vulnerabilities. TARA is part of a MITRE portfolio of systems security engineering SSE practices that contribute to achievement of mission assurance MA for systems during the acquisition process. The TARA assessment approach can be described as conjoined trade studies, where the first trade identifies and ranks attack vectors based on assessed risk, and the second identifies and selects countermeasures based on assessed utility and cost. Unique aspects of the methodology include use of catalog-stored mitigation mappings that preselect plausible countermeasures for a given range of attack vectors, and use of countermeasure selection strategies that prescribe the application of countermeasures based on level of risk tolerance. This paper outlines the SSE-MA portfolio and describes the TARA methodology.

Descriptive Note:

Technical Report

Pages:

0019

Descriptors:

vulnerability

computer security techniques

threat evaluation

Metrics

Identifiers:

TARA(Threat Assessment and Remediation Analysis)

cyber vulnerabilities

SSE(systems security engineering)

Crown Jewels Analysis

countermeasure selection strategy

Subject Categories:

Computer Systems Management and Standards

Communities Of Interest:

Cyber

Distribution Statement:

Approved For Public Release;

Contract Number:

FA8702-14-C-0001

File Size:

1.31MB

View The Document