Definitions

In this phase, users can define all relevant assets and associated damage scenarios for the system model by selecting the ADM - Asset Damage Scenario Matrix section on the left side of the Definitions window. This section features the a matrix view and additional list views for assets and damages scenarios. Supplementary, users can add custom impact categories or edit and delete existing ones directly within the damage scenario list view.

Additionally, users can specify assumptions by navigating to the AS - Assumptions section in the same menu.

The RM - Risk Matrix page allows users to customize the risk matrix chart to meet specific requirements.

Within the TTM - Threat Type Matrix section, security attributes can be linked to threat types. Supplimentary, users can also create their own custom security attributes.

In the FN - Functions section, functions can be defined, updated, and deleted. Created functions can later be linked to elements in the system model, except for connectors.

Finally, by selecting SN -Signals, users can define, edit, and delete signals. A signal represents information transmitted between system elements (for example, from a sensor to a control unit) and can later be linked to connectors in the diagram.

ADM - Assets and Damage Scenarios

Assets refer to valuable resources or components within a system that are essential for its operation or functionality. In the context of cybersecurity, assets can include data, hardware, software, networks, and other critical elements in the system that need to be protected from any kind of malicious activities. On the other hand, they are also valuable targets to be attacked by hackers. Therefore, assets in threat modeling are essential to describe critical elements in the system. Once a cyber attack takes place, a potential situation or event could lead to harm, loss, or compromise of the asset itself, which is described in the damage scenario.

ThreatGet's latest versions describe both on the model level, where all modeled diagrams within a particular model share all defined assets and damage scenarios. Each asset could have a relation with damage scenarios to define the consequences of a particular damage due to cyber incidents, which can be defined through an Asset - Damage Scenario Matrix. On the Definitions page, the user can access assets and damage scenarios by clicking the ADM button on the left side of the page.

Assets

Let’s begin by creating assets. Start by defining three assets: Data Communication Lamp request, Data Communication Oncomming Car Information, and Firmware of Body Control ECU. These assets will be used in the modeling of the Headlamp Example in the section Managing and Creating Diagrams. To add an asset, click on the green + button on the Asset side to begin defining the necessary information for the asset you want to create.

Afterward, empty fields includes name, descprion, and security attributes (e.g., Confidentiality, Integrity, and Availability) will appear on the right side of the window, asking for more details about the required asset. Once all required information is filled, press the Save button to store the created asset as part of the current ThreatGet model.

Damage Scenarios

Now we can define the damage scenario for the previously created assets, which can define the impact category and level in case a cyber attack happens. To do so, press the green + button on the Damage Scenarios section. We created three damage scenarios: Front Collision, Malfunctioning Automatic High Beam, and Vehicle Cannot be Driven at Night, with all necessary information, including Name, Justification, Impact Category, and the Relationship with asset(s).

The level of impacts varies from low (i.e., Negligible) to critical (i.e., Severe), indicating the severity of the damage. Additionally, the impact category should be defined to describe the potential consequences against a particular category, including S: Safety, F: Functional, O: Operational, P: Privacy and Not Applicable.

Asset - Damage Scenario Matrix

Once all assets and damage scenarios are defined, ThreatGet will display them as a matrix description, and now the user can define which damage scenario(s) can be assigned to particular asset(s).

Assets List Views

By selecting ASSETS from the dropdown menu in the top-left corner, you navigate to the Assets List View. In this view, users can manage all available assets — users can create, edit, or delete assets as needed.

Additionally, users can link existing damage scenarios and CIA types (security attributes) to each asset. Multiple assets can be created, updated, or deleted simultaneously by selecting them in the list. All changes must be confirmed by clicking the Save button.

Action buttons are available in the top-right corner for quick access to the main actions - Add, Save, Delete, Revert.

Damage Scenarios List Views

By selecting DAMAGE SCENARIOS from the dropdown menu in the top-left corner, users will be directed to the Damage Scenario List View. In this view, users can manage all existing damage scenarios — they can create, edit, or delete scenarios as needed.

Users can also link available assets to each damage scenario and select the potential consequence level for each impact category. In this list view users can simultaneously create, update, or delete multiple damage scenarios by selecting them from the list view. All changes must be confirmed by clicking the Save button.

Action buttons located in the top-right corner provide quick access to the main operations: Show Impacts, Add, Save, Delete, and Revert.

Impacts

Clicking the Impacts button (the first action button in the top-right corner) opens a dialog window in the center of the screen.

Each Impact has a name, description and consequence level (rating) which indicates the severity of the damage. The consequence level can refer not only to the impact itself but also to the stakeholders affected by it. It can be directly set on the damage scenario. After creating a new TARA four impact categories are preconfigured by default:

• FINANCIAL - Impacts affecting financial assets, transactions, or potential losses due to cyber incidents.
• OPERATIONAL - Impacts on business operations, IT systems, and continuity caused by cyber vulnerabilities.
• PRIVACY - Impacts on data confidentiality, protection of personal information, and compliance with privacy regulations.
• SAFETY - Impacts related to the safety of users and systems against cyber threats.

On this page, users can create, edit, and delete multiple impact categories by selecting them from the list and using the action buttons (Add and Delete) located in the top-right corner of the dialog window. Any new or modified impact categories must be confirmed by clicking the Save button, which becomes active once changes are detected.

In this example, a new impact category is added:

• ENVIRONMENTAL - Damage to the environment due to operational failures

The new ENVIRONMENTAL impact category has been added and is now available for all damage scenarios in the current iteration, with a default value of Not Applicable.

AS - Assumptions

Users can define customized assumptions to be used as part of the system model. This can be done in the definition phase by switching to the assumptions view, accessed by clicking AS on the left side of the page in the definition phase.

The user can add any specific assumption as needed by entering the title of the assumption in the empty field and then pressing the Add button.

All recently added assumptions, as well as any previously created ones (if any exist), are listed in the open window.

RM - Risk Matrix

The evaluation of risks for each detected threat is primarily based on the risk chart, which displays the distribution of risk levels according to likelihood and impact values. Users can check the risk level by switching to RM on the left side of the Definitions window.

The user can adjust the distribution of likelihood and impact across the risk matrix to align with specific requirements, tailoring it to reflect their risk assessment strategy. This customization allows the user to better model and evaluate risks based on the unique characteristics and priorities of their system. Once the user has made changes, they should press the green save button to apply and retain these updated values for future risk evaluation actions.

TTM - Threat Type Matrix

In the Threat Type Matrix, users can associate security attributes with threat types to model and assess potential risks for assets.

ThreatGet provides six fixed threat types:

• Spoofing – impersonation of a user or system.
• Tampering – unauthorized modification of data or processes.
• Repudiation – denial of actions or transactions.
• Information Disclosure – exposure of sensitive information.
• Denial of Service – disruption of system availability.
• Elevation of Privilege – gaining unauthorized access or higher privileges.

For each new TARA, three security attributes are pre-defined (commonly referred to as CIA types):

• Confidentiality - Protects information from unauthorized access.
• Integrity - Ensures information is accurate and unaltered.
• Availability - Guarantees reliable access to information.

On the asset level, users can link these security attributes (CIA types) to individual assets, providing a clear mapping between an asset’s security requirements and the potential threat types. This linkage enables more accurate risk assessment and impact analysis, ensuring that each asset is evaluated against relevant threats and security concerns.

Security Attributes (CIA Types)

A Security Attribute consists of a name and a description. Clicking on an attribute opens a property window on the right side of the screen, where users can modify or delete the selected security attribute.

To add a new security attribute, click the plus (+) icon. The property window will slide in, allowing the user to set the name and description. All newly created or modified security attributes must be confirmed by clicking the Save button, which becomes active once changes are detected.

In this example, two new security attributes are added to extend the default set:

• Authenticity – Verifying that users, systems, or data are genuine and trustworthy.
• Non-repudiation – Ensuring that actions or transactions cannot be denied after they occur.

Once saved, the new security attributes are reflected in the threat type matrix and can be linked to relevant threat types for assets.

Newly added security attributes are now selectable on asset level. For example in the Asset Damage Scenario Matrix when an asset is selected

FN - Functions

A Function describes what a system element does — its purpose or behavior, independent of how it is implemented. It represents the intended operation or capability of a component.

Express behavior (e.g., “measure temperature”, “control speed”, “detect obstacles”). Has a name and description. Can be assigned to physical or logical elements (all elements int the system model except connectors - e.g., sensors, control units).

On this page, users can add, edit, and delete functions. To add a new function, enter the name and description, then click the Add button. To modify or remove an existing function, use the corresponding action buttons next to the function in the list.

SN - Signals

A Signal is a piece of information that is transmitted between elements (e.g., from a sensor to a control unit). It represents the communication between components and has a name and description.

For example signals can represent physical values (temperature, pressure, speed) or logical states (on/off, true/false).They are transfered via connectors in the diagram.

On this page, users can create, edit, or delete signals. To add a signal, provide its name and description, then click the Add button. To edit or delete an existing signal, use the appropriate action buttons located next to it in the list.