|
Name | Brief introduction |
|
EVITA method | A TARA method in the EVITA project which concerns issues in four aspects (operational, safety, privacy, and financial) [15] |
TVRA | Threat, vulnerabilities, and implementation risk analysis method, which is a process-driven threat and risk assessment method developed by the European Telecommunications Standards Institute (ETSI) [10] |
OCTAVE | Operationally critical threat, asset, and vulnerability evaluation method, which is suitable for enterprise information security risk assessment [10] |
HEAVENS security model | A TARA method in the HEAling vulnerabilities to enhance software (HEAVENS) project, which is based on Mircosoft’s STRIDE threat model and focuses on the method, process, and tool support for TARA [10] |
Attack trees | A method for vulnerability analysis, which identifies attack goals, objectives, methods, and attack scenarios of the target system [10] |
SW vulnerability analysis | A method to find vulnerabilities in codes [10] |
SHIELD | A method to analysis security, privacy, and dependability (SPD) for the embedded system by using control science theory [18] |
NHTSA method | A threat modelling approach by using threat matrix in the technical report of U.S. National Highway Traffic Safety Administration (NHTSA) [19] |
BRA | The binary risk analysis method which is a lightweight risk analysis tool for a quick assessment and used as a part of other TARA processes like OCTAVE [20] |
NIST SP 800-30 | A risk assessment guide proposed in NIST SP 800-30 and applicable to identify, estimate, and prioritize risks for a large range of security-critical targets [21] |
|