The objective of conducting a TARA is self-explanatory, it aims to break down your system into threats and assessing the risks from the threats discovered. Conducting a TARA is a crucial step after asset identification. Afterwards, begin funneling your selected assets and features down a TARA pipeline in order to generate risk documentation of each asset. As you can imagine corporations will have thousands of assets each with their own TARA, maintaining such documentation in a secure way is a topic for another time. Upon completion, three phases will follow.
1. Establishing cybersecurity goals
2. Developing strategies within the cybersecurity concept to tackle goals
3. Establishing what functional cybersecurity requirements will need to comply with your concept
A TARA will help drive all reasoning for cybersecurity initiatives within the organization. Threat Analysis starts from the inception of the cybersecurity plan. Organizations will need to draw inspiration from the cybersecurity plan in order to produce a document yielding a list of threats associated to features and assets identified throughout the process. This information will then be utilized for threat analysis.