Summary
In this chapter, we introduced a practical approach to performing an efficient TARA. Our goal was to explain the fundamentals behind the ISO/SAE 21434 TARA methods while highlighting steps that can improve the results of the TARA and reduce the overall preparation effort. We showed numerous pitfalls that engineering teams can fall into when performing a TARA and provided tips and best practices to avoid them. The practical approach was broken into several phases. The first phase is about knowing the system: defining assumptions, understanding the use case under analysis, and modeling the system context and data flow. In the second phase, assets, damage scenarios, threats, and attack paths are identified and traced to one another. This paves the way for the third phase, attack feasibility and impact rating, which are necessary steps to calculate the risk levels and enable the risk treatment decision-making process. Once the risks have been prioritized...