Skip to main content

Purpose

Threat scenarios provide a reusable classification layer for threats. Rather than duplicating scenario definitions across TARA modules, the solution stores scenarios in a central ThreatScenarioCatalog document. Individual TARA records link to scenarios via the hasThreatScenario link role, enabling consistent threat naming and cross-module analysis.

Work Item Identity

PropertyValue
Type IDthreatScenario
LabelThreat Scenario
IconMAN_project_monitoring_and_control.gif
Tracker PrefixTR
Form LayoutthreatScenario-form-layout.xml

Custom Fields

The threatScenario type has no TARA-specific custom fields beyond the standard Polarion fields (Title, Description, Status, Priority) and the global classification field.
Field IDNameTypeDescription
classificationClassificationenum:classificationGlobal field. Values: sc (Special Characteristic), cc (Critical Characteristic), cybersecurity.
The threat scenario’s Title serves as the primary identifier displayed in the Risksheet threatScenario column. The Description field provides detailed narrative about the threat.

Shared Catalog

Threat scenarios are stored in the shared catalog document:
PropertyValue
DocumentRisks/ThreatScenarioCatalog
SpaceRisks
Item Count15 scenarios + 1 heading
Reuse PatternReferenced via itemLink columns across all TARA modules
The catalog enables centralized threat scenario management. When a new threat scenario is identified, it is added once to the catalog and becomes available to all TARA modules in the project.
Role IDForward LabelTarget TypeDescription
parenthas parentthreatScenarioHierarchical grouping within the catalog (sameType=true).
Role IDReverse LabelSource TypeDescription
hasThreatScenariois Threat Scenario intaraRecordTARA records referencing this scenario. Each TARA record links to exactly one threat scenario.

Risksheet Integration

In the TARA Risksheet, the threat scenario appears as a Level 4 hierarchy column:
Column IDHeaderTypeGroupKey Properties
threatScenarioThreat ScenarioitemLinkThreat Identification (purple)linkRole=hasThreatScenario, document=Risks/ThreatScenarioCatalog, queryFactory=threatScenarioQuery

Query Factory

The threatScenarioQuery factory populates the picker dropdown:
type:threatScenario
This returns all threatScenario work items in the project. The picker displays the scenario title and creates a hasThreatScenario link when selected.

Hierarchy Position

Threat scenarios sit at Level 4 in the Risksheet 5-level hierarchy:
LevelColumnDescription
1StakeholderWho is affected
2CIAx PropertyWhat security aspect
3Damage ScenarioWhat harm results
4Threat ScenarioHow the threat manifests
5Threat PathConcrete attack vector

Workflow

The threatScenario type follows the general work item workflow:
StateColorDescription
draft#3366FFInitial state.
inReview#FFFF99Submitted for review.
pendingApproval#FFFF33Awaiting formal approval.
approved#66FF66Approved for use in TARA analysis.
rejected#FF3300Rejected. Requires rework.
obsoleteDeprecated. Retained for traceability.

Traceability Context

The threat scenario connects to the TARA record in the threat identification phase:
Stakeholder  <--hasStakeholder--  TARA Record  --hasThreatScenario-->  Threat Scenario
Each TARA record captures one specific threat path under a threat scenario. Multiple TARA records can reference the same threat scenario with different threat paths, CIAx properties, and damage scenarios.

Form Layout Notes

The threatScenario-form-layout.xml layout exposes:
  • Standard fields: Title, Description, Status, Priority
  • Linked items section showing TARA records that reference this scenario