Threat Assessment and Remediation Analysis Methodology DescriptionSeptember 2012
Topics: Critical Infrastructure Protection, Emergency Preparedness and Response, Risk Management
Mission Assurance Engineering (MAE) is the sub discipline of Enterprise Systems Engineering (ESE) intended to provide mission assurance against the advanced persistent threat (APT). The APT uses an evolving set of tactics, techniques, and procedures (TTPs) to establish and maintain a foothold in the enterprise's information infrastructure, and to exploit that foothold to ex-filtrate large volumes of sensitive information, to corrupt mission-critical information, and/or to deny or degrade mission capabilities. This report describes the Threat Assessment & Remediation Analysis (TARA) methodology, which applies MAE to systems and acquisitions. TARA is a methodology to identify and assess cyber threats and select countermeasures effective at mitigating those threats. When applied in conjunction with a Crown Jewels Analysis (CJA) or other means for assessing mission impact, CJA and TARA together provide for the identification, assessment, and security enhancement of mission critical assets, which is the cornerstone of mission assurance.