Assistants

itemis Security Analyst has a couple of assistants to help you develop a complete and consistent model. The assistants will suggest the creation of elements and take care of setting up the respective linking. Currently, the following assistants are by default available. They have been covered as part of the corresponding TARA process chapters:

  • Asset identification
  • Threat identification
  • Damage scenario assignment
  • Risk assistant

Each assistant has its own chunk. If you are using the default project template, you can find them in the assistants folder in the project view. Next to the chunk title is a Refresh button. Refreshing will synchronize the state of the assistant with the TARA model.

All assistants have a tabular layout. The first column contains the consulted entity. For example, in the asset identification and the threat identification, this is a system element. In the next column, suggestions for the consulted entity are displayed. Each suggestion is one of the following:

  • Addition: The assistant suggests a new entity or relation. The entry is displayed with a white background and has two buttons on the right: Accept and Reject. If you click Accept, the entity or relation is added to the model. If you click Reject, the buttons are replaced by a link to revoke that action. You can enter a rationale for rejected suggestions in the inspector.
  • Removal: The assistant suggests to remove an entity or relation that exists in the model. The entry is displayed with a yellow background and has two buttons on the right: Remove and Reject. If you click Remove, the entity or relation is removed from the model. The other button works analogously to above.
  • Accepted: The suggestion has already been accepted. The entry is displayed with a white background and has a link on the right to Reset the model. If clicked, the entity or relation is removed from the model.
  • Rejected: The suggestion has been rejected and is not highlighted anymore. You can click a link to revoke that rejection. Alternatively, you can enter a rationale for rejected suggestions in the inspector.

In a third column, another button is displayed to apply or reset all suggestions of the consulted entity in a single step.