Assets

CycurRISK provides a dedicated page for assets. Assets are any data, function, or resource of the TOE that must be protected to reduce the probability of a successful attack. You can add an asset to the list of assets and give it a detailed description stating what it is. Then, you must specify which aspects of each asset must be protected. These aspects are called Security Properties.

A security property is an attribute of an asset that is worth protecting. ISO/SAE 21434 recommends using the following security properties:

  • Confidentiality
  • Integrity
  • Availability

These properties are defined and used as follows:

| Security Property | Definition | Threat Name |
|---|---|---|
| Confidentiality | Information cannot be accessed by unauthorized parties | Extraction of |
| Integrity | Information has not been altered and the source of the information is genuine | Manipulation of |
| Availability | Information is accessible by authorized users | Blocking |

Tab. 5: Definition of security properties

Note  

Adding and adapting security properties in a customized methodology is possible as needed.

Each asset may have one or several security properties. Each pair, which consists of an asset and a linked security property, is called a "Security Objective". For example, an ECU firmware asset is added and assigned the security properties "Confidentiality", "Integrity", and "Availability" (CIA).