Overview
The TARA Risksheet template provides 7 views that implement progressive disclosure — each view shows only the columns relevant to the current analysis phase. This reduces cognitive load and guides analysts through the ISO/SAE 21434 workflow step by step.
The 7 Views
Overview (Default)
The executive summary view loaded when opening a TARA module. Shows the complete risk picture without the detailed input columns.
Columns: stakeholder, damageScenario, threatScenario, taraImpact, taraFeasibility, taraVerdict, treatmentChoice, treatmentStatus, cybersecurityGoal, goalCal, taraClaims, description
Use for: Management review, status tracking, quick risk overview.
1. Identify Threats
Focused on threat enumeration per ISO/SAE 21434 Clause 15. Hides all assessment and treatment columns.
Columns: stakeholder, ciaxProperty, damageScenario, threatScenario, threatPath, description
Use for: Initial threat identification — selecting stakeholders from the Stakeholder Catalog, choosing CIAx properties, describing damage scenarios, linking threat scenarios from the Threat Scenario Catalog, and specifying attack paths.
2. Assess Feasibility
Exposes the five attack potential factors for scoring per ISO/SAE 21434 Annex G.
Columns: stakeholder, ciaxProperty, damageScenario, threatScenario, threatPath, attackTime, attackExpertise, attackKnowledge, attackWoo, attackEquipment, taraFeasibility, description
Use for: Scoring each threat path on the five EVITA attack potential factors. The feasibilityFormula auto-computes the aggregate feasibility level.
All five attack factors (TIME, EXP, KNOW, WOO, EQP) must be set before the taraFeasibility column computes a result. If any factor is missing, the field remains blank.
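The blank-until-complete behaviour described above, as an added JavaScript example; it is not the template's own feasibilityFormula. The option ids are hypothetical, and the point values and level thresholds are assumed from the attack potential-based approach in ISO/SAE 21434 Annex G, so the template's configured values may differ.

```javascript
// Added example, not the template's feasibilityFormula.
// Assumption: points and thresholds follow the attack potential-based
// approach of ISO/SAE 21434 Annex G. Option ids are hypothetical.
const POINTS = {
  attackTime:      { day: 0, week: 1, month: 4, sixMonths: 17, longer: 19 },
  attackExpertise: { layman: 0, proficient: 3, expert: 6, multipleExperts: 8 },
  attackKnowledge: { public: 0, restricted: 3, confidential: 7, strictlyConfidential: 11 },
  attackWoo:       { unlimited: 0, easy: 1, moderate: 4, difficult: 10 },
  attackEquipment: { standard: 0, specialized: 4, bespoke: 7, multipleBespoke: 9 },
};

// Returns "" (blank cell) until all five factors are scored.
function computeFeasibility(row) {
  let total = 0;
  for (const [field, table] of Object.entries(POINTS)) {
    const choice = row[field];
    if (choice == null || choice === "") return ""; // factor not scored yet
    if (!Object.prototype.hasOwnProperty.call(table, choice)) {
      // Reject typos instead of silently scoring them as 0 points.
      throw new RangeError(`${field}: unknown option "${choice}"`);
    }
    total += table[choice];
  }
  // Low attack potential means little effort is needed, so feasibility is high.
  if (total <= 13) return "High";
  if (total <= 19) return "Medium";
  if (total <= 24) return "Low";
  return "Very Low";
}

// Constructed sample rows, one per outcome.
const SAMPLE_ROWS = {
  easy:    { attackTime: "week", attackExpertise: "proficient", attackKnowledge: "public",
             attackWoo: "easy", attackEquipment: "standard" },                  // 5 points
  medium:  { attackTime: "month", attackExpertise: "expert", attackKnowledge: "restricted",
             attackWoo: "easy", attackEquipment: "specialized" },               // 18 points
  hard:    { attackTime: "month", attackExpertise: "expert", attackKnowledge: "restricted",
             attackWoo: "moderate", attackEquipment: "specialized" },           // 21 points
  partial: { attackTime: "week", attackExpertise: "expert", attackKnowledge: "public",
             attackEquipment: "standard" },                                     // attackWoo missing
};

for (const [name, row] of Object.entries(SAMPLE_ROWS)) {
  console.log(name, JSON.stringify(computeFeasibility(row)));
}
```

Treating an unset factor as blank rather than as 0 points matters because 0 is the easiest-attack score for every factor, so a default of 0 would hide incomplete scoring behind a plausible rating.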
3. Risk Assessment
Combines impact (manually set) and computed feasibility to produce the risk verdict.
Columns: stakeholder, ciaxProperty, damageScenario, threatScenario, threatPath, taraImpact, taraFeasibility, taraVerdict, description
Use for: Setting the impact level and reviewing the computed verdict (1-5). The verdictFormula uses the Impact × Feasibility matrix.
4. Risk Treatment
Full context for treatment decisions including goals, claims, and risk controls.
Columns: stakeholder, ciaxProperty, damageScenario, threatScenario, threatPath, taraImpact, taraFeasibility, taraVerdict, treatmentChoice, treatmentStatus, cybersecurityGoal, goalCal, taraClaims, task, taskTitle, description
Use for: Selecting treatment strategy (Reducing/Avoiding/Sharing/Retaining), linking cybersecurity goals or documenting claims, and creating risk controls. The goalHighlight and claimHighlight decorators enforce treatment completeness.
5. Req & Verification
Downstream traceability showing requirements and test coverage per ISO/SAE 21434 Clauses 10 and 12.
Columns: stakeholder, damageScenario, threatScenario, cybersecurityGoal, goalCal, task, taskTitle, requirements, verification
Use for: Reviewing the full traceability chain from TARA records through controls to requirements and test cases. The requirements and verification columns use Velocity serverRender to traverse link chains.
Full View
Shows all 22 columns using the @all wildcard.
Use for: Complete record inspection, PDF export, or comprehensive audit review.
Column Group Color Coding
Each view uses color-coded column group headers to visually identify the analysis phase:
| Group | Color | Columns |
|---|---|---|
| Threat Identification | Purple | stakeholder, ciaxProperty, damageScenario, threatScenario, threatPath |
| Attack Feasibility | Blue | attackTime, attackExpertise, attackKnowledge, attackWoo, attackEquipment |
| Risk Assessment | Red | taraFeasibility, taraImpact, taraVerdict |
| Risk Treatment | Green | treatmentChoice, treatmentStatus |
| Cybersecurity Goal | Teal | cybersecurityGoal, goalCal |
| Cybersecurity Claim | Gold | taraClaims |
| Requirements & Verification | Light Purple | requirements, verification |
5-Level Row Hierarchy
All views share the same row grouping hierarchy, enabling collapse/expand at any level:
| Level | Column | Purpose |
|---|---|---|
| 1 | stakeholder | Who is affected |
| 2 | ciaxProperty | What security aspect |
| 3 | damageScenario | What harm results |
| 4 | threatScenario | How the threat manifests |
| 5 | threatPath | Specific attack vector |
Collapse to Level 1 (Stakeholder) for a high-level risk count per stakeholder. Expand to Level 5 for detailed per-threat-path analysis. The rowHeaderVerdict decorator colors row headers by verdict even in collapsed views.