Skip to content

Assets and Damage Scenarios

Assets refer to valuable resources or components within a system that are essential for its operation or functionality. In the context of cybersecurity, assets can include data, hardware, software, networks, and other critical elements in the system that need to be protected from any kind of malicious activities. On the other hand, they are also valuable targets to be attacked by hackers. Therefore, assets in threat modeling are essential to describe critical elements in the system. Once a cyber attack takes place, a potential situation or event could lead to harm, loss, or compromise of the asset itself, which is described in the damage scenario.

ThreatGet's new version describes both on the project level, where all modeled diagrams within a particular project share all defined assets and damage scenarios. Each asset could have a relation with damage scenarios to define the consequences of a particular damage due to cyber incidents, which can be defined through an Asset - Damage Scenario Matrix.

Create Assets

According to the previously discussed Headlamp Example in Section Managing and Creating Diagrams. Let's continue with the same headlamp example. So, we need to create two assets: 'Integrity of Headlight' and 'Availability of Headlight.' Therefore, in the project's main window, we select the matrix icon as follows: Create Asset

A new window will be displayed for creating assets and damage scenarios. So, press the New Asset green button. Afterward, empty text fields will appear on the right side of the window, asking for more details about the required asset.

Once all required information is filled, press the Save button to store the created asset as part of the current ThreatGet project.

New Assets

There are three security attributes: Confidentiality, Integrity, and Availability, which define the protection of the asset.

Create Damage Scenario

Now we can define the damage scenario for the previously created assets, which can define the impact category and level in case a cyber attack happens. To do so, press the New Damage Scenario green button and define the required information as follows: New Assets

The level of impacts varies from low (i.e., Negligible) to critical (i.e., Severe), indicating the severity of the damage. Additionally, the impact category should be defined to describe the potential consequences against a particular category, including S: Safety, F: Functional, O: Operational, and P: Privacy.

Asset - Damage Scenario Matrix

Once all assets and damage scenarios are defined, ThreatGet will display them as a matrix description, and now the user can define which damage scenario(s) can be assigned to a particular asset.

New Assets