TARA, in Automotive, sometimes referred to as ACRA (Automotive Cybersecurity Risk Assessment) is an analysis elected to identify, evaluate and prioritize the possible cybersecurity risks of a SW or HW function/component, with the purpose of defining the actions to be taken in order to avoid risks or in order to handle them.
In a product life cycle, TARA must be performed after the definition of the Functional Requirements, so that the implementation of any necessary measures can be early integrated in the subsequent development phase: the more this analysis is postponed, the more the implementation of any measures that proved necessary, could introduce significant changes to the solution, and could have serious repercussions in terms of extra budget and/or overrunning of the deadlines. In TARA both, information security and protection of sensitive data, are considered.
In the following, the consolidated 4-steps process that exida proposes:
The main usually referred inputs are: