Threat Assessment and Remediation Analysis Methodology Description

September 2012
Topics: Critical Infrastructure Protection, Emergency Preparedness and Response, Risk Management
Jackson E. Wynn, The MITRE Corporation
Joseph Whitmore, The MITRE Corporation
Geoff Upton, The MITRE Corporation
Lindsay Spriggs, The MITRE Corporation
Dan McKinnon, The MITRE Corporation
Richard McInnes, The MITRE Corporation
Richard D. Graubart, The MITRE Corporation
Lauren Clausen, The MITRE Corporation
Download PDF (2.7 MB)

Mission Assurance Engineering (MAE) is the sub discipline of Enterprise Systems Engineering (ESE) intended to provide mission assurance against the advanced persistent threat (APT). The APT uses an evolving set of tactics, techniques, and procedures (TTPs) to establish and maintain a foothold in the enterprise's information infrastructure, and to exploit that foothold to ex-filtrate large volumes of sensitive information, to corrupt mission-critical information, and/or to deny or degrade mission capabilities. This report describes the Threat Assessment & Remediation Analysis (TARA) methodology, which applies MAE to systems and acquisitions. TARA is a methodology to identify and assess cyber threats and select countermeasures effective at mitigating those threats. When applied in conjunction with a Crown Jewels Analysis (CJA) or other means for assessing mission impact, CJA and TARA together provide for the identification, assessment, and security enhancement of mission critical assets, which is the cornerstone of mission assurance.

Publications

Interested in MITRE's Work?

MITRE provides affordable, effective solutions that help the government meet its most complex challenges.
Explore Job Openings

Publication Search