
Prerequisites

  • A TARA module exists and is linked to a system element via the systemElementId document field
  • The Stakeholder Catalog (Risks/StakeholderCatalog) contains at least one stakeholder
  • The Threat Scenario Catalog (Risks/ThreatScenarioCatalog) contains relevant threat scenarios

Steps

1. Open the TARA module in Risksheet

Navigate to your TARA module from the Risks Home dashboard or the sidebar Risksheets panel. The module opens in the Risksheet editor.

2. Switch to the “1. Identify Threats” view

Select “1. Identify Threats” from the view dropdown at the top of the Risksheet. This view shows only the threat identification columns:

| Column | Field | Type |
|---|---|---|
| Stakeholder | stakeholder | itemLink (catalog picker) |
| CIAx Property | ciaxProperty | Enum dropdown |
| Damage Scenario | damageScenario | Free text |
| Threat Scenario | threatScenario | itemLink (catalog picker) |
| Threat Path | threatPath | Free text |

3. Add a new TARA record

Click the Add button to create a new row. Each row represents one threat path — a specific attack vector for a particular damage scenario.

4. Select a Stakeholder

Click the Stakeholder cell. A picker dropdown appears, populated by the stakeholderQuery factory (Lucene query: type:stakeholder). Select the affected stakeholder (e.g., Vehicle Owner, Backend Server, Road Authority). This creates a Polarion work item link using the hasStakeholder link role between the TARA record and the selected stakeholder.
The picker only shows items from Risks/StakeholderCatalog. If you need a new stakeholder, add it to the catalog first. See Use Shared Catalogs.

5. Choose a CIAx Property

Click the CIAx Property cell and select the security property that is threatened:

| Value | Meaning |
|---|---|
| confidentiality | Information not disclosed to unauthorized entities |
| integrity | Information not altered by unauthorized means |
| availability | Timely and reliable access to information and functions |
| authenticity | Information originates from a verified source |
| authorization | Only authorized entities can perform actions |
| nonRepudiation | Action or event cannot be denied afterward |

6. Describe the Damage Scenario

Click the Damage Scenario cell and type a concise description of the harm that would result if the threat is realized. For example:
“Unauthorized modification of brake control signals could result in unintended vehicle deceleration.”
The damage scenario drives the impact assessment in the next workflow step. Vague descriptions like “security breach” make it difficult to assign an accurate impact level. Include the affected function, the type of harm, and the potential severity.

7. Select a Threat Scenario

Click the Threat Scenario cell. A picker shows items from the Threat Scenario Catalog (Risks/ThreatScenarioCatalog), filtered by the threatScenarioQuery factory. Select the matching threat scenario. This creates a link using the hasThreatScenario link role.

8. Specify the Threat Path

Click the Threat Path cell and describe the specific attack vector. For example:
“Attacker exploits unpatched OBD-II diagnostic port to inject malicious CAN frames targeting the brake ECU.”
The threat path is the most granular level of the 5-level hierarchy: Stakeholder > CIAx > Damage Scenario > Threat Scenario > Threat Path. Each unique threat path should be a separate TARA record.

9. Repeat for all identified threats

Continue adding rows for each threat path. The Risksheet automatically groups records by the 5-level hierarchy (stakeholder, then CIAx property, then damage scenario, then threat scenario, then threat path) based on the sortBy configuration.

10. Verify the Description column

Check the Description column (rightmost). The description formula auto-generates a structured summary:
STAKEHOLDER: [stakeholder title]
DAMAGE: [damageScenario]
THREAT: [threatScenario title]
PATH: [threatPath]
This confirms that all identification fields are populated correctly.

Verification

  • Each TARA record has a stakeholder linked from the catalog
  • Each record has a CIAx property selected
  • Each record has a damage scenario description
  • Each record has a threat scenario linked from the catalog
  • Each record has a unique threat path description
  • The Description column shows complete summaries for all records
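
The checklist above can also be run offline against exported rows. The following is an added example, not Risksheet code: it assumes the rows are available as dicts keyed by the field IDs of the “1. Identify Threats” view, with link fields holding the linked item's title and ciaxProperty holding the enum value as listed in step 5. The helper names and sample rows are constructed for illustration.

```python
# Added example, not Risksheet code. Assumption: rows were exported as dicts keyed by
# the field IDs of the "1. Identify Threats" view; link fields hold the linked item's title.
CIAX = {"confidentiality", "integrity", "availability",
        "authenticity", "authorization", "nonRepudiation"}
HIERARCHY = ("stakeholder", "ciaxProperty", "damageScenario",
             "threatScenario", "threatPath")
SUMMARY = (("STAKEHOLDER", "stakeholder"), ("DAMAGE", "damageScenario"),
           ("THREAT", "threatScenario"), ("PATH", "threatPath"))

def val(row, field):
    """Field value as stripped text; missing or None becomes ''."""
    return (row.get(field) or "").strip()

def describe(row):
    """Rebuild the step 10 summary, or None when a part is empty."""
    if any(not val(row, f) for _, f in SUMMARY):
        return None
    return "\n".join(f"{label}: {val(row, f)}" for label, f in SUMMARY)

def verify(rows):
    """Map row index -> findings for rows that fail the Verification list."""
    findings, seen = {}, {}
    for i, row in enumerate(rows):
        issues = [f"missing {f}" for f in HIERARCHY if not val(row, f)]
        ciax = val(row, "ciaxProperty")
        if ciax and ciax not in CIAX:
            issues.append(f"unknown ciaxProperty {ciax!r}")
        path = val(row, "threatPath").lower()
        if path in seen:  # "unique" read here as unique across the whole sheet
            issues.append(f"threatPath duplicates row {seen[path]}")
        elif path:
            seen[path] = i
        if issues:
            findings[i] = issues
    return findings

# Constructed sample rows; the threat scenario title is a placeholder.
PATH = ("Attacker exploits unpatched OBD-II diagnostic port to inject "
        "malicious CAN frames targeting the brake ECU.")
GOOD = {"stakeholder": "Vehicle Owner", "ciaxProperty": "integrity",
        "damageScenario": "Unauthorized modification of brake control signals "
                          "could result in unintended vehicle deceleration.",
        "threatScenario": "<threat scenario title>", "threatPath": PATH}
ROWS = [GOOD,
        {**GOOD, "stakeholder": "", "ciaxProperty": "Integrity",
         "threatPath": "Constructed second path"},
        {**GOOD, "stakeholder": "Road Authority"}]

if __name__ == "__main__":
    for i, issues in verify(ROWS).items():
        print(f"row {i}: {'; '.join(issues)}")
```
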

Next Step

Proceed to Score Attack Feasibility using the “2. Assess Feasibility” view.

See Also