Security Goals
A security goal is a concept-level cybersecurity requirement associated with one or more threat scenarios.
Security goals are closely related to the technical measures that the security concept defines to mitigate the risks. For each risk whose treatment is reduction, at least one security goal must be linked on the risk treatment page.
If a security goal is associated with a threat scenario, the corresponding requirement must be satisfied to mitigate the risk of the threat scenario. A responsibility must be specified for each security goal. This is typically a customer or a supplier; further parties may be added.
Each security goal identified by the TARA shall be taken up in the security concept or considered with the relevant stakeholders.
For example,
- For security topics: the security responsible for the OEM, component, SoS, and plant
- For safety topics: the project safety manager
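The linking rules above can be checked mechanically over an exported TARA model. The following is an added example, not part of the original page or of any tool's API: the `SecurityGoal` and `Risk` classes, the field names, the treatment strings, and the sample data are all hypothetical. It also assumes that each risk belongs to exactly one threat scenario.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class SecurityGoal:                      # hypothetical export format
    goal_id: str
    threat_scenarios: List[str]
    responsibility: Optional[str] = None  # e.g. "customer" or "supplier"

@dataclass
class Risk:                              # hypothetical export format
    risk_id: str
    threat_scenario: str                 # assumption: one scenario per risk
    treatment: str                       # "reduction", "retention", ...
    security_goals: List[str] = field(default_factory=list)

def check_tara(risks, goals):
    """Return sorted (item_id, finding) tuples; an empty list means consistent."""
    by_id = {g.goal_id: g for g in goals}
    findings = []
    for g in goals:
        if not g.threat_scenarios:
            findings.append((g.goal_id, "not associated with any threat scenario"))
        if not (g.responsibility or "").strip():
            findings.append((g.goal_id, "no responsibility specified"))
    for r in risks:
        if r.treatment != "reduction":
            continue                     # the linking rule applies to reduction only
        for missing in sorted(i for i in r.security_goals if i not in by_id):
            findings.append((r.risk_id, f"links unknown security goal {missing}"))
        linked = [by_id[i] for i in r.security_goals if i in by_id]
        if not linked:
            findings.append((r.risk_id, "reduction without a linked security goal"))
        elif not any(r.threat_scenario in g.threat_scenarios for g in linked):
            findings.append((r.risk_id, "no linked goal covers its threat scenario"))
    return sorted(findings)

# Constructed sample model
GOALS = [
    SecurityGoal("SG-1", ["TS-1"], "supplier"),
    SecurityGoal("SG-2", ["TS-2"]),                    # responsibility missing
]
RISKS = [
    Risk("R-1", "TS-1", "reduction", ["SG-1"]),        # consistent
    Risk("R-2", "TS-2", "reduction"),                  # no goal linked
    Risk("R-3", "TS-3", "retention"),                  # not reduction, skipped
    Risk("R-4", "TS-2", "reduction", ["SG-1"]),        # goal covers TS-1 only
]

if __name__ == "__main__":
    for item, finding in check_tara(RISKS, GOALS):
        print(f"{item}: {finding}")
```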