Threat Agent Risk Assessment (TARA) - Revision history

User at 22:39, 17 January 2023

2023-01-17T22:39:04Z

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T18:54:05Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User at 18:54, 20 March 2020

2020-03-20T18:54:08Z

User at 18:47, 20 March 2020

2020-03-20T18:47:00Z

User at 18:39, 20 March 2020

2020-03-20T18:39:39Z

User at 18:23, 20 March 2020

2020-03-20T18:23:18Z

User at 16:58, 20 March 2020

2020-03-20T16:58:54Z

User at 16:26, 20 March 2020

2020-03-20T16:26:43Z

User: Created page with "The '''Threat Agent Risk Assessment (TARA)''' is a threat-based methodology to help identify, assess, prioritize, and control cybersecurity risks. It is a p..."

2020-03-20T16:26:04Z

Created page with "The '''Threat Agent Risk Assessment (TARA)''' is a threat-based methodology to help identify, assess, prioritize, and control cybersecurity risks. It is a p..."

New page

The '''Threat Agent Risk Assessment (TARA)''' is a threat-based methodology to help identify, assess, prioritize, and control [[Cyber Security|cybersecurity]] risks. It is a practical method to determine the most critical exposures while taking into consideration [[Risk Mitigation|mitigation controls and accepted levels of risk]]. It is intended to augment formal [[Risk Assessment Framework (RAF)|risk methodologies]] to include important aspects of attackers, resulting in a much improved picture of [[Risk|risk]].<ref>Definition - What Does Threat Agent Risk Assessment (TARA) Mean? [https://www.researchgate.net/project/Threat-Agent-Risk-Assessment-TARA Matthew Rosenquist, Timothy Casey]</ref>

[[File:Threat_Agent_Risk_Assessment.png|400px|Threat Agent Risk Assessment (TARA)]]<br />
source: Intel

@@ Line 1: / Line 1: @@
-The '''Threat Agent Risk Assessment (TARA)''' is a threat-based [[methodology]] to help identify, assess, prioritize, and [[control]] [[Cyber Security|cybersecurity]] risks. It is a practical method to determine the most critical exposures while taking into consideration [[Risk Mitigation|mitigation controls and accepted levels of risk]]. It is intended to augment formal [[Risk Assessment Framework (RAF)|risk methodologies]] to include important aspects of attackers, resulting in a much improved picture of [[Risk|risk]].<ref>Definition - What Does Threat Agent Risk Assessment (TARA) Mean? [https://www.researchgate.net/project/Threat-Agent-Risk-Assessment-TARA Matthew Rosenquist, Timothy Casey]</ref>
+The '''Threat Agent Risk Assessment (TARA)''' is a threat-based methodology to help identify, assess, prioritize, and control [[Cyber Security|cybersecurity]] risks. It is a practical method to determine the most critical exposures while taking into consideration [[Risk Mitigation|mitigation controls and accepted levels of risk]]. It is intended to augment formal risk methodologies to include important aspects of attackers, resulting in a much improved picture of risk.<ref>[https://www.researchgate.net/project/Threat-Agent-Risk-Assessment-TARA Definition - What Does Threat Agent Risk Assessment (TARA) Mean? -Matthew Rosenquist, Timothy Casey]</ref>
@@ Line 8: / Line 8: @@
 '''TARA Components<ref>TARA Components  [https://media10.connectedsocialmedia.com/intel/10/5725/Intel_IT_Business_Value_Prioritizing_Info_Security_Risks_with_TARA.pdf Intel Information Technology]</ref>'''<br />
 The TARA methodology relies on three main references to reach its predictive conclusions:
-*Threat agent library (TAL): The primary premise of the TARA methodology is that threat agents are the source of information security losses. Previously, Intel developed the TAL to simplify the character set of all possible threat agents. It was therefore a natural choice to use it with the TARA methodology. The Intel TAL defines eight common threat agent attributes, such as intent—hostile or non-hostile—and access—internal or external. Based on unique combinations of these attributes, the TAL identifies 22 unique threat agent archetypes, such as disgruntled [[employee]], competitor, and organized crime. It is important to remember that the TAL provides [[Archetype|archetypes]], not exact descriptions of real people; individuals may vary in degree of hostility from the [[model]], for example.
+*Threat agent library (TAL): The primary premise of the TARA methodology is that threat agents are the source of information security losses. Previously, Intel developed the TAL to simplify the character set of all possible threat agents. It was therefore a natural choice to use it with the TARA methodology. The Intel TAL defines eight common threat agent attributes, such as intent—hostile or non-hostile—and access—internal or external. Based on unique combinations of these attributes, the TAL identifies 22 unique threat agent archetypes, such as disgruntled employee, competitor, and organized crime. It is important to remember that the TAL provides archetypes, not exact descriptions of real people; individuals may vary in degree of hostility from the model, for example.
-*Methods and objectives library (MOL): The MOL lists known threat agent objectives — what they want to accomplish — and the most likely methods they will employ to reach these objectives. These methods and objectives are cross-referenced with defense-indepth controls, such as firewalls, proxies, secure [[device]] configurations, and a securityaware workforce. When the MOL is coupled with the TAL, a picture begins to emerge of the types of likely possible attacks, based upon many factors such as resources, objectives, typical methods, and preferred vulnerabilities. Additionally, an estimate of consequences begins to form. When the CEL is overlaid on this picture, those vulnerabilities with sufficient controls aligned to reduce risk are dropped, and the remaining vectors of attack emerge as the areas of highest exposure.
+*Methods and objectives library (MOL): The MOL lists known threat agent objectives — what they want to accomplish — and the most likely methods they will employ to reach these objectives. These methods and objectives are cross-referenced with defense-indepth controls, such as firewalls, proxies, secure device configurations, and a securityaware workforce. When the MOL is coupled with the TAL, a picture begins to emerge of the types of likely possible attacks, based upon many factors such as resources, objectives, typical methods, and preferred vulnerabilities. Additionally, an estimate of consequences begins to form. When the CEL is overlaid on this picture, those vulnerabilities with sufficient controls aligned to reduce risk are dropped, and the remaining vectors of attack emerge as the areas of highest exposure.
-*Common exposure library (CEL): For the first [[application]] of the TARA methodology, Intel created CEL, which enumerates known information security vulnerabilities and exposures. There are also several publicly available CELs that provide additional [[data]]. The CEL maps vulnerabilities against existing controls to show which exposures are residual. For example, with an antivirus solution installed on corporate laptop PCs, currently known viruses do not represent an overt exposure. However, if an unknown [[virus]] appears before the antivirus solution is updated, then an appreciable residual exposure exists.
+*Common exposure library (CEL): For the first application of the TARA methodology, Intel created CEL, which enumerates known information security vulnerabilities and exposures. There are also several publicly available CELs that provide additional data. The CEL maps vulnerabilities against existing controls to show which exposures are residual. For example, with an antivirus solution installed on corporate laptop PCs, currently known viruses do not represent an overt exposure. However, if an unknown [[virus]] appears before the antivirus solution is updated, then an appreciable residual exposure exists.
-[[Standard]] frameworks such as these help ensure consistency and comprehensiveness when different risk assessors apply TARA methodology to different environments.
+Standard frameworks such as these help ensure consistency and comprehensiveness when different risk assessors apply TARA methodology to different environments.
-'''The TARA [[Process]]<ref>The TARA Process in Detail [https://www.researchgate.net/publication/335589639_Prioritizing_Information_Security_Risks_with_Threat_Agent_Risk_Assessment_TARA Matt Rosenquist, Timothy Casey]</ref>'''<br />
+== The TARA Process<ref>The TARA Process in Detail [https://www.researchgate.net/publication/335589639_Prioritizing_Information_Security_Risks_with_Threat_Agent_Risk_Assessment_TARA Matt Rosenquist, Timothy Casey]</ref> ==
 To find the critical areas of exposure, the TARA methodology uses six steps.<br />
-. Measure current threat agent: Using the TAL. regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a [[baseline]] for future TARA exercises.<br />2. Distinguish threat agents that exceed baseline acceptable risks: Again using the TAL, measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient.<br />At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified.<br />3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities. Using the MOL - derive the primary motivations and objectives of those threat agents identified in steps 1 and 2. Motivations are important because they underpin action, and they contribute to factors such as the attacker’s commitment, the point at which attacker will cease pursuit, and the attacker’s susceptibility to targets of opportunity.<br />4. Identify methods likely to manifest. Again using the MOL - identify the likely methods by which an attack may occur. TARA defines a method as a combination of threat agent objectives and threat agent operating methods. TARA identifies the type of [[impact]] that could be expected based on motivations and objectives.<br />5. Determine the most important collective exposures. Using the CEL, the methodology first finds attack vectors, which are vulnerabilities without controls. Then, the intersection of the methods determined in step 4 and the attack vectors define likely exposures. Finally, these likely exposures are ranked according to their severity of consequence. The end result of step 5 is a list of the most important collective exposures.<br />6. Align [[strategy]] to [[target]] the most significant exposures. An assessment is worthless if it does not reinforce the decision-making process. Analysts and [[management]] can use the results of TARA analysis to concentrate their [[Information Security|information security]] strategy on the most important areas of concern and allocate [[Information Security Governance|information security resources]] in the most effective manner.
+. Measure current threat agent: Using the TAL. regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a baseline for future TARA exercises.<br />2. Distinguish threat agents that exceed baseline acceptable risks: Again using the TAL, measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient.<br />At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified.<br />3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities. Using the MOL - derive the primary motivations and objectives of those threat agents identified in steps 1 and 2. Motivations are important because they underpin action, and they contribute to factors such as the attacker’s commitment, the point at which attacker will cease pursuit, and the attacker’s susceptibility to targets of opportunity.<br />4. Identify methods likely to manifest. Again using the MOL - identify the likely methods by which an attack may occur. TARA defines a method as a combination of threat agent objectives and threat agent operating methods. TARA identifies the type of impact that could be expected based on motivations and objectives.<br />5. Determine the most important collective exposures. Using the CEL, the methodology first finds attack vectors, which are vulnerabilities without controls. Then, the intersection of the methods determined in step 4 and the attack vectors define likely exposures. Finally, these likely exposures are ranked according to their severity of consequence. The end result of step 5 is a list of the most important collective exposures.<br />6. Align strategy to target the most significant exposures. An assessment is worthless if it does not reinforce the decision-making process. Analysts and management can use the results of TARA analysis to concentrate their [[Information Security|information security]] strategy on the most important areas of concern and allocate information security resources in the most effective manner.
@@ Line 24: / Line 24: @@
 === See Also ===
-[[Risk]]<br />
+*[[OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation)]]
-[[Risk Analysis]]<br />
+*[[Factor Analysis of Information Risk (FAIR)]]
 === References ===
 <references/>

@@ Line 1: / Line 1: @@
-The '''Threat Agent Risk Assessment (TARA)''' is a threat-based methodology to help identify, assess, prioritize, and control [[Cyber Security|cybersecurity]] risks. It is a practical method to determine the most critical exposures while taking into consideration [[Risk Mitigation|mitigation controls and accepted levels of risk]]. It is intended to augment formal [[Risk Assessment Framework (RAF)|risk methodologies]] to include important aspects of attackers, resulting in a much improved picture of [[Risk|risk]].<ref>Definition - What Does Threat Agent Risk Assessment (TARA) Mean? [https://www.researchgate.net/project/Threat-Agent-Risk-Assessment-TARA Matthew Rosenquist, Timothy Casey]</ref>
+The '''Threat Agent Risk Assessment (TARA)''' is a threat-based [[methodology]] to help identify, assess, prioritize, and [[control]] [[Cyber Security|cybersecurity]] risks. It is a practical method to determine the most critical exposures while taking into consideration [[Risk Mitigation|mitigation controls and accepted levels of risk]]. It is intended to augment formal [[Risk Assessment Framework (RAF)|risk methodologies]] to include important aspects of attackers, resulting in a much improved picture of [[Risk|risk]].<ref>Definition - What Does Threat Agent Risk Assessment (TARA) Mean? [https://www.researchgate.net/project/Threat-Agent-Risk-Assessment-TARA Matthew Rosenquist, Timothy Casey]</ref>
@@ Line 8: / Line 8: @@
 '''TARA Components<ref>TARA Components  [https://media10.connectedsocialmedia.com/intel/10/5725/Intel_IT_Business_Value_Prioritizing_Info_Security_Risks_with_TARA.pdf Intel Information Technology]</ref>'''<br />
 The TARA methodology relies on three main references to reach its predictive conclusions:
-*Threat agent library (TAL): The primary premise of the TARA methodology is that threat agents are the source of information security losses. Previously, Intel developed the TAL to simplify the character set of all possible threat agents. It was therefore a natural choice to use it with the TARA methodology. The Intel TAL defines eight common threat agent attributes, such as intent—hostile or non-hostile—and access—internal or external. Based on unique combinations of these attributes, the TAL identifies 22 unique threat agent archetypes, such as disgruntled employee, competitor, and organized crime. It is important to remember that the TAL provides [[Archetype|archetypes]], not exact descriptions of real people; individuals may vary in degree of hostility from the model, for example.
+*Threat agent library (TAL): The primary premise of the TARA methodology is that threat agents are the source of information security losses. Previously, Intel developed the TAL to simplify the character set of all possible threat agents. It was therefore a natural choice to use it with the TARA methodology. The Intel TAL defines eight common threat agent attributes, such as intent—hostile or non-hostile—and access—internal or external. Based on unique combinations of these attributes, the TAL identifies 22 unique threat agent archetypes, such as disgruntled [[employee]], competitor, and organized crime. It is important to remember that the TAL provides [[Archetype|archetypes]], not exact descriptions of real people; individuals may vary in degree of hostility from the [[model]], for example.
-*Methods and objectives library (MOL): The MOL lists known threat agent objectives — what they want to accomplish — and the most likely methods they will employ to reach these objectives. These methods and objectives are cross-referenced with defense-indepth controls, such as firewalls, proxies, secure device configurations, and a securityaware workforce. When the MOL is coupled with the TAL, a picture begins to emerge of the types of likely possible attacks, based upon many factors such as resources, objectives, typical methods, and preferred vulnerabilities. Additionally, an estimate of consequences begins to form. When the CEL is overlaid on this picture, those vulnerabilities with sufficient controls aligned to reduce risk are dropped, and the remaining vectors of attack emerge as the areas of highest exposure.
+*Methods and objectives library (MOL): The MOL lists known threat agent objectives — what they want to accomplish — and the most likely methods they will employ to reach these objectives. These methods and objectives are cross-referenced with defense-indepth controls, such as firewalls, proxies, secure [[device]] configurations, and a securityaware workforce. When the MOL is coupled with the TAL, a picture begins to emerge of the types of likely possible attacks, based upon many factors such as resources, objectives, typical methods, and preferred vulnerabilities. Additionally, an estimate of consequences begins to form. When the CEL is overlaid on this picture, those vulnerabilities with sufficient controls aligned to reduce risk are dropped, and the remaining vectors of attack emerge as the areas of highest exposure.
-*Common exposure library (CEL): For the first application of the TARA methodology, Intel created CEL, which enumerates known information security vulnerabilities and exposures. There are also several publicly available CELs that provide additional data. The CEL maps vulnerabilities against existing controls to show which exposures are residual. For example, with an antivirus solution installed on corporate laptop PCs, currently known viruses do not represent an overt exposure. However, if an unknown virus appears before the antivirus solution is updated, then an appreciable residual exposure exists.
+*Common exposure library (CEL): For the first [[application]] of the TARA methodology, Intel created CEL, which enumerates known information security vulnerabilities and exposures. There are also several publicly available CELs that provide additional [[data]]. The CEL maps vulnerabilities against existing controls to show which exposures are residual. For example, with an antivirus solution installed on corporate laptop PCs, currently known viruses do not represent an overt exposure. However, if an unknown [[virus]] appears before the antivirus solution is updated, then an appreciable residual exposure exists.
-Standard frameworks such as these help ensure consistency and comprehensiveness when different risk assessors apply TARA methodology to different environments.
+[[Standard]] frameworks such as these help ensure consistency and comprehensiveness when different risk assessors apply TARA methodology to different environments.
-'''The TARA Process<ref>The TARA Process in Detail [https://www.researchgate.net/publication/335589639_Prioritizing_Information_Security_Risks_with_Threat_Agent_Risk_Assessment_TARA Matt Rosenquist, Timothy Casey]</ref>'''<br />
+'''The TARA [[Process]]<ref>The TARA Process in Detail [https://www.researchgate.net/publication/335589639_Prioritizing_Information_Security_Risks_with_Threat_Agent_Risk_Assessment_TARA Matt Rosenquist, Timothy Casey]</ref>'''<br />
 To find the critical areas of exposure, the TARA methodology uses six steps.<br />
-. Measure current threat agent: Using the TAL. regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a baseline for future TARA exercises.<br />2. Distinguish threat agents that exceed baseline acceptable risks: Again using the TAL, measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient.<br />At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified.<br />3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities. Using the MOL - derive the primary motivations and objectives of those threat agents identified in steps 1 and 2. Motivations are important because they underpin action, and they contribute to factors such as the attacker’s commitment, the point at which attacker will cease pursuit, and the attacker’s susceptibility to targets of opportunity.<br />4. Identify methods likely to manifest. Again using the MOL - identify the likely methods by which an attack may occur. TARA defines a method as a combination of threat agent objectives and threat agent operating methods. TARA identifies the type of impact that could be expected based on motivations and objectives.<br />5. Determine the most important collective exposures. Using the CEL, the methodology first finds attack vectors, which are vulnerabilities without controls. Then, the intersection of the methods determined in step 4 and the attack vectors define likely exposures. Finally, these likely exposures are ranked according to their severity of consequence. The end result of step 5 is a list of the most important collective exposures.<br />6. Align strategy to target the most significant exposures. An assessment is worthless if it does not reinforce the decision-making process. Analysts and management can use the results of TARA analysis to concentrate their [[Information Security|information security]] strategy on the most important areas of concern and allocate [[Information Security Governance|information security resources]] in the most effective manner.
+. Measure current threat agent: Using the TAL. regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a [[baseline]] for future TARA exercises.<br />2. Distinguish threat agents that exceed baseline acceptable risks: Again using the TAL, measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient.<br />At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified.<br />3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities. Using the MOL - derive the primary motivations and objectives of those threat agents identified in steps 1 and 2. Motivations are important because they underpin action, and they contribute to factors such as the attacker’s commitment, the point at which attacker will cease pursuit, and the attacker’s susceptibility to targets of opportunity.<br />4. Identify methods likely to manifest. Again using the MOL - identify the likely methods by which an attack may occur. TARA defines a method as a combination of threat agent objectives and threat agent operating methods. TARA identifies the type of [[impact]] that could be expected based on motivations and objectives.<br />5. Determine the most important collective exposures. Using the CEL, the methodology first finds attack vectors, which are vulnerabilities without controls. Then, the intersection of the methods determined in step 4 and the attack vectors define likely exposures. Finally, these likely exposures are ranked according to their severity of consequence. The end result of step 5 is a list of the most important collective exposures.<br />6. Align [[strategy]] to [[target]] the most significant exposures. An assessment is worthless if it does not reinforce the decision-making process. Analysts and [[management]] can use the results of TARA analysis to concentrate their [[Information Security|information security]] strategy on the most important areas of concern and allocate [[Information Security Governance|information security resources]] in the most effective manner.

@@ Line 24: / Line 24: @@
 === See Also ===
 [[Risk Analysis]]<br />
 [[Risk Assessment]]<br />
@@ Line 37: / Line 38: @@
 [[Risk Maturity]]<br />
 [[Risk Maturity Model (RMM)]]<br />
-[[Risk Mitigation]]
+[[Risk Mitigation]]<br />
 === References ===
 <references/>

@@ Line 8: / Line 8: @@
 '''TARA Components<ref>TARA Components  [https://media10.connectedsocialmedia.com/intel/10/5725/Intel_IT_Business_Value_Prioritizing_Info_Security_Risks_with_TARA.pdf Intel Information Technology]</ref>'''<br />
 The TARA methodology relies on three main references to reach its predictive conclusions:
-*Threat agent library (TAL): The primary premise of the TARA methodology is that threat agents are the source of information security losses. Previously, Intel developed the TAL to simplify the character set of all possible threat agents. It was therefore a natural choice to use it with
+*Threat agent library (TAL): The primary premise of the TARA methodology is that threat agents are the source of information security losses. Previously, Intel developed the TAL to simplify the character set of all possible threat agents. It was therefore a natural choice to use it with the TARA methodology. The Intel TAL defines eight common threat agent attributes, such as intent—hostile or non-hostile—and access—internal or external. Based on unique combinations of these attributes, the TAL identifies 22 unique threat agent archetypes, such as disgruntled employee, competitor, and organized crime. It is important to remember that the TAL provides [[Archetype|archetypes]], not exact descriptions of real people; individuals may vary in degree of hostility from the model, for example.
-the TARA methodology. The Intel TAL defines eight common threat agent attributes, such as intent—hostile or non-hostile—and access—internal or external. Based on unique combinations of these attributes, the TAL identifies 22 unique threat agent archetypes, such as disgruntled employee, competitor, and organized crime. It is important to remember that the TAL provides [[Archetype|archetypes]], not exact descriptions of real people; individuals may vary in degree of hostility from the model, for example.
+*Methods and objectives library (MOL): The MOL lists known threat agent objectives — what they want to accomplish — and the most likely methods they will employ to reach these objectives. These methods and objectives are cross-referenced with defense-indepth controls, such as firewalls, proxies, secure device configurations, and a securityaware workforce. When the MOL is coupled with the TAL, a picture begins to emerge of the types of likely possible attacks, based upon many factors such as resources, objectives, typical methods, and preferred vulnerabilities. Additionally, an estimate of consequences begins to form. When the CEL is overlaid on this picture, those vulnerabilities with sufficient controls aligned to reduce risk are dropped, and the remaining vectors of attack emerge as the areas of highest exposure.
-*Methods and objectives library (MOL): The MOL lists known threat agent objectives — what they want to accomplish — and the most likely methods they will employ to reach these objectives. These methods and objectives are cross-referenced with defense-indepth controls, such as firewalls, proxies, secure device configurations, and a securityaware workforce. When the MOL is coupled with the TAL, a picture begins to emerge of the types of likely possible attacks, based upon many factors such as resources, objectives, typical methods, and preferred vulnerabilities. Additionally, an
+*Common exposure library (CEL): For the first application of the TARA methodology, Intel created CEL, which enumerates known information security vulnerabilities and exposures. There are also several publicly available CELs that provide additional data. The CEL maps vulnerabilities against existing controls to show which exposures are residual. For example, with an antivirus solution installed on corporate laptop PCs, currently known viruses do not represent an overt exposure. However, if an unknown virus appears before the antivirus solution is updated, then an appreciable residual exposure exists.
 Standard frameworks such as these help ensure consistency and comprehensiveness when different risk assessors apply TARA methodology to different environments.
@@ Line 22: / Line 19: @@
-[[File:TARA_Process.png|200px|TARA Process]]<br />
+[[File:TARA_Process.png|300px|TARA Process]]<br />
 source: Intel
 === See Also ===
 === References ===
 <references/>

@@ Line 4: / Line 4: @@
 [[File:Threat_Agent_Risk_Assessment.png|200px|Threat Agent Risk Assessment (TARA)]]<br />
 source: Intel
@@ Line 9: / Line 20: @@
 To find the critical areas of exposure, the TARA methodology uses six steps.<br />
 . Measure current threat agent: Using the TAL. regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a baseline for future TARA exercises.<br />2. Distinguish threat agents that exceed baseline acceptable risks: Again using the TAL, measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient.<br />At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified.<br />3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities. Using the MOL - derive the primary motivations and objectives of those threat agents identified in steps 1 and 2. Motivations are important because they underpin action, and they contribute to factors such as the attacker’s commitment, the point at which attacker will cease pursuit, and the attacker’s susceptibility to targets of opportunity.<br />4. Identify methods likely to manifest. Again using the MOL - identify the likely methods by which an attack may occur. TARA defines a method as a combination of threat agent objectives and threat agent operating methods. TARA identifies the type of impact that could be expected based on motivations and objectives.<br />5. Determine the most important collective exposures. Using the CEL, the methodology first finds attack vectors, which are vulnerabilities without controls. Then, the intersection of the methods determined in step 4 and the attack vectors define likely exposures. Finally, these likely exposures are ranked according to their severity of consequence. The end result of step 5 is a list of the most important collective exposures.<br />6. Align strategy to target the most significant exposures. An assessment is worthless if it does not reinforce the decision-making process. Analysts and management can use the results of TARA analysis to concentrate their [[Information Security|information security]] strategy on the most important areas of concern and allocate [[Information Security Governance|information security resources]] in the most effective manner.

← Older revision		Revision as of 16:58, 20 March 2020
Line 4:		Line 4:
	[[File:Threat_Agent_Risk_Assessment.png\|200px\|Threat Agent Risk Assessment (TARA)]]<br />		[[File:Threat_Agent_Risk_Assessment.png\|200px\|Threat Agent Risk Assessment (TARA)]]<br />
	source: Intel		source: Intel
		+
		+
		+
		+	The TARA Process in Detail
		+	To find the critical areas of exposure, the TARA methodology uses six steps.
		+	1. Measure current threat agent: regularly review and rank the current threat levels. This is a qualitative to quantitative exercise necessary to establish a general understanding of current risks, and it creates a baseline for future TARA exercises.
		+	2. Distinguish threat agents that exceed baseline acceptable risks: measure new threat levels when starting a new project; create an acceptable risk baseline if current baseline is determined to be insufficient.
		+	At the end of steps 1 and 2, threat agents that exceed the current or new baseline threat level for the areas being evaluated will have been identified.
		+	3. Derive primary objectives of those threat agents. TARA defines objectives as the combination of threat agent motivations and threat agent capabilities.
		+	Using the MOL, we derive the primary
		+	motivations and objectives of those
		+	threat agents identified in steps 1 and 2.
		+	Motivations are important because they
		+	underpin action, and they contribute to
		+	factors such as the attacker’s commitment,
		+	the point at which attacker will cease
		+	pursuit, and the attacker’s susceptibility to
		+	targets of opportunity. Table 2 lists some
		+	examples of threat agent objectives.
		+	4. Identify methods likely to manifest.
		+	Again using the MOL, we identify the likely
		+	methods by which an attack may occur.
		+	TARA defines a method as a combination
		+	of threat agent objectives and threat
		+	agent operating methods. TARA identifies
		+	the type of impact we could expect based
		+	on motivations and objectives.
		+	5. Determine the most important
		+	collective exposures. Using the CEL, the
		+	methodology first finds attack vectors,
		+	which are vulnerabilities without controls.
		+	Then, the intersection of the methods
		+	determined in step 4 and the attack
		+	vectors define likely exposures. Finally,

← Older revision		Revision as of 16:26, 20 March 2020
Line 2:		Line 2:


−	[[File:Threat_Agent_Risk_Assessment.png\|~~400px~~\|Threat Agent Risk Assessment (TARA)]]<br />	+	[[File:Threat_Agent_Risk_Assessment.png\|200px\|Threat Agent Risk Assessment (TARA)]]<br />
	source: Intel		source: Intel