Threat Assessment & Remediation Analysis (TARA): Methodology Description Version 1.0
Abstract
Mission Assurance Engineering (MAE) is the subdiscipline of Enterprise Systems Engineering (ESE) and is intended to provide mission assurance against the advanced persistent threat (APT). The APT uses an evolving set of tactics, techniques, and procedures (TTPs) to establish and maintain a foothold in the enterprise's information infrastructure, and to exploit that foothold to ex-filtrate large volumes of sensitive information, to corrupt mission-critical information, and/or to deny or degrade mission capabilities. This report describes the Threat Assessment & Remediation Analysis (TARA) methodology, which applies MAE to systems and acquisitions. TARA is a methodology for identifying and assessing cyber threats and selecting countermeasures effective at mitigating those threats. When applied in conjunction with a Crown Jewels Analysis (CJA) or other means for assessing mission impact, CJA and TARA together provide for the identification, assessment, and security enhancement of mission critical assets, which is the cornerstone of mission assurance.
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 01, 2011
- Accession Number
- ADA576473
Entities
People
- Dan Mckinnon
- Geoff Upton
- Jackson Wynn
- Joseph Whitmore
- Lauren Clausen
- Lindsay Spriggs
- Richard D. Graubart
- Richard Mcinnes
Organizations
- MITRE Corporation