View Summary

| View Name | Purpose | Workflow Phase |
|---|---|---|
| Overview | Full risk picture for management review | All phases |
| 1. Identify Threats | Threat enumeration and cataloging | Phase 1 |
| 2. Assess Feasibility | Attack factor scoring | Phase 2 |
| 3. Risk Assessment | Impact entry and verdict computation | Phase 3 |
| 4. Risk Treatment | Treatment decisions and goal linking | Phase 4 |
| 5. Req & Verification | Traceability and verification coverage | Phase 5 |
| Full View | All columns for export or audit | Utility |

Overview

The default view loaded when opening the TARA Risksheet. Provides a high-level summary across all five analysis phases.
Visible Columns
stakeholder
damageScenario
threatScenario
taraImpact
taraFeasibility
taraVerdict
treatmentChoice
treatmentStatus
cybersecurityGoal
goalCal
taraClaims
description
Notes: All computed fields (taraFeasibility, taraVerdict, description) appear as read-only outputs. This view is designed for management review and status tracking. The five attack factor columns (TIME, EXP, KNOW, WOO, EQP) are hidden.

1. Identify Threats

Phase 1 workflow view focused on threat identification. Hides all assessment and treatment columns.
Visible Columns
stakeholder
ciaxProperty
damageScenario
threatScenario
threatPath
description
Notes: Analysts populate threat records by selecting stakeholders from the Risks/StakeholderCatalog, assigning CIAx properties, describing damage scenarios, linking threat scenarios from the Risks/ThreatScenarioCatalog, and documenting attack paths. No risk scoring or treatment columns are visible. Proceed to view 2 after threat enumeration is complete.

2. Assess Feasibility

Phase 2 workflow view exposing all five EVITA attack factor columns alongside the computed feasibility result.
Visible Columns
stakeholder
ciaxProperty
damageScenario
threatScenario
threatPath
attackTime (TIME)
attackExpertise (EXP)
attackKnowledge (KNOW)
attackWoo (WOO)
attackEquipment (EQP)
taraFeasibility
description
Notes: Analysts enter individual attack factor values from their respective enums. The feasibilityFormula automatically computes the taraFeasibility rating once all five factors are populated. The feasibility column displays blank until all inputs are provided. See Risksheet Formulas Reference for the scoring algorithm and threshold boundaries.

3. Risk Assessment

Phase 3 view combining manually-entered impact with computed feasibility to produce the risk verdict.
Visible Columns
stakeholder
ciaxProperty
damageScenario
threatScenario
threatPath
taraImpact
taraFeasibility
taraVerdict
description
Notes: Analysts set taraImpact for each threat record. The verdictFormula computes taraVerdict (1-5) from the 4x4 impact-feasibility matrix. The verdict column is color-coded from green (1) to red (5) by the verdictDecorator. See Risksheet Formulas Reference for the full matrix.

4. Risk Treatment

Phase 4 view for treatment decisions. Shows full context plus treatment, goal, claim, and risk control columns. The goalHighlight and claimHighlight decorators enforce treatment completeness.
Visible Columns
stakeholder
ciaxProperty
damageScenario
threatScenario
threatPath
taraImpact
taraFeasibility
taraVerdict
treatmentChoice
treatmentStatus
cybersecurityGoal
goalCal
taraClaims
task
taskTitle
description
Notes: Risk owners select a treatment choice and are guided by the validation decorators:
  • reducing or avoiding requires linking a Cybersecurity Goal (enforced by goalHighlight)
  • retaining or sharing requires entering claims text (enforced by claimHighlight)
Risk control tasks are created via the task column, which links riskControl work items using the mitigates link role. The goalCal column enables setting the CAL on the linked cybersecurity goal directly from this view. The calDecorator validates CAL against the minimum required by the verdict.
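
The two completeness rules above can also be checked offline against rows exported from this view. This is an added example, not Risksheet's decorator code; the row shape and the treatment option ids (`reduce`, `avoid`, `retain`, `share`) are assumptions, and the sample rows are constructed.

```javascript
// Added example: audit exported Risk Treatment rows for the completeness
// rules that goalHighlight and claimHighlight enforce in the sheet.
// Assumed (not from the product): row shape and treatment option ids.
const NEEDS_GOAL = new Set(['reduce', 'avoid']);
const NEEDS_CLAIM = new Set(['retain', 'share']);

// Whitespace-only text counts as empty, so a claim of "   " does not pass.
const isBlank = (v) => v === undefined || v === null || String(v).trim() === '';

function treatmentFindings(row) {
  const findings = [];
  const choice = isBlank(row.treatmentChoice)
    ? ''
    : String(row.treatmentChoice).trim().toLowerCase();
  if (choice === '') {
    // Flag raised by this audit only: the record has not been treated yet.
    findings.push('no treatment choice selected');
  } else if (NEEDS_GOAL.has(choice)) {
    if (isBlank(row.cybersecurityGoal)) findings.push(`${choice}: no cybersecurity goal linked`);
  } else if (NEEDS_CLAIM.has(choice)) {
    if (isBlank(row.taraClaims)) findings.push(`${choice}: claims text is empty`);
  } else {
    findings.push(`unknown treatment choice "${choice}"`);
  }
  return findings;
}

// Returns { recordId: [findings...] } for rows that need attention.
function auditTreatment(rows) {
  const result = {};
  for (const row of rows) {
    const findings = treatmentFindings(row);
    if (findings.length > 0) result[row.id] = findings;
  }
  return result;
}

// Constructed sample rows (ids and texts are illustrative).
const sampleRows = [
  { id: 'T-1', treatmentChoice: 'reduce', cybersecurityGoal: 'CG-1', taraClaims: '' },
  { id: 'T-2', treatmentChoice: 'avoid', cybersecurityGoal: '', taraClaims: '' },
  { id: 'T-3', treatmentChoice: 'retain', cybersecurityGoal: '', taraClaims: '   ' },
  { id: 'T-4', treatmentChoice: 'share', cybersecurityGoal: '', taraClaims: 'Covered by supplier agreement' },
  { id: 'T-5', treatmentChoice: '', cybersecurityGoal: '', taraClaims: '' },
];
console.log(auditTreatment(sampleRows));
```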

5. Req & Verification

Phase 5 view for requirements traceability and verification coverage. Uses Velocity server-side rendering to traverse back-links.
Visible Columns
stakeholder
damageScenario
threatScenario
cybersecurityGoal
goalCal
task
taskTitle
requirements
verification
Notes: The requirements column uses a Velocity serverRender template to traverse: riskControl <-- back-links <-- sysReq / desReq. The verification column continues the traversal: sysReq / desReq <-- back-links <-- testCase. This implements the ISO/SAE 21434 verification traceability evidence chain:
taraRecord --> riskControl <-- sysReq/desReq <-- testCase
Quality engineers use this view to verify that each risk control has linked requirements and those requirements have test cases.
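
The same coverage check can be run over an exported item and link list. This is an added example, not the view's Velocity template; the export shape (`{id, type}` items and `{from, to}` links) is an assumption, link roles are ignored, and the sample data is constructed.

```javascript
// Added example: walk taraRecord --> riskControl <-- sysReq/desReq <-- testCase
// over an exported item/link list and report where the chain breaks.
// Assumed (not from the product): the export shape {id, type} / {from, to}.
const REQ_TYPES = new Set(['sysReq', 'desReq']);
const TEST_TYPES = new Set(['testCase']);

function traceGaps(items, links) {
  const typeOf = new Map(items.map((i) => [i.id, i.type]));
  // Index back-links: target id -> ids of the items that link to it.
  const backLinks = new Map();
  for (const { from, to } of links) {
    if (!backLinks.has(to)) backLinks.set(to, []);
    backLinks.get(to).push(from);
  }
  // Sources of a given type; links from ids missing in the export are dropped.
  const incoming = (id, types) =>
    (backLinks.get(id) || []).filter((src) => types.has(typeOf.get(src)));

  const gaps = [];
  for (const link of links) {
    // Each taraRecord --> riskControl link starts one chain to verify.
    if (typeOf.get(link.from) !== 'taraRecord' || typeOf.get(link.to) !== 'riskControl') continue;
    const reqs = incoming(link.to, REQ_TYPES);
    if (reqs.length === 0) gaps.push({ record: link.from, at: link.to, missing: 'requirement' });
    for (const req of reqs) {
      if (incoming(req, TEST_TYPES).length === 0) {
        gaps.push({ record: link.from, at: req, missing: 'testCase' });
      }
    }
  }
  return gaps;
}

// Constructed sample export (ids are illustrative).
const sampleItems = [
  { id: 'TARA-1', type: 'taraRecord' }, { id: 'TARA-2', type: 'taraRecord' },
  { id: 'RC-1', type: 'riskControl' }, { id: 'RC-2', type: 'riskControl' },
  { id: 'RC-3', type: 'riskControl' }, { id: 'SYS-1', type: 'sysReq' },
  { id: 'DES-1', type: 'desReq' }, { id: 'TC-1', type: 'testCase' },
];
const sampleLinks = [
  { from: 'TARA-1', to: 'RC-1' }, { from: 'TARA-1', to: 'RC-2' },
  { from: 'TARA-2', to: 'RC-3' }, { from: 'SYS-1', to: 'RC-1' },
  { from: 'DES-1', to: 'RC-1' }, { from: 'SYS-1', to: 'RC-3' },
  { from: 'TC-1', to: 'SYS-1' },
];
console.log(traceGaps(sampleItems, sampleLinks));
```

Each entry names the TARA record, the work item where the chain stops, and which link is missing there.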

Full View

Shows all configured columns using the @all wildcard.
Visible Columns
All defined columns
Notes: Renders every column defined in the columns array. Useful for Excel export, PDF generation, or comprehensive audit review sessions.

View Selection Guide

| Role | Recommended View |
|---|---|
| TARA Analyst (threat identification) | 1. Identify Threats |
| TARA Analyst (feasibility scoring) | 2. Assess Feasibility |
| TARA Analyst (impact + verdict) | 3. Risk Assessment |
| Risk Owner / Security Engineer | 4. Risk Treatment |
| Quality Engineer / V&V Lead | 5. Req & Verification |
| Project Manager / Management | Overview |
| Auditor / Compliance Review | Full View |