Asset identification is related to a special entity called “security goals”. After you have modeled your system (or a part of it), you have to decide for each system element, if breaking one or multiple security attributes (e.g. Confidentiality, Integrity, Availability or Authenticity) of the system element might cause damage. If this is the case, you have to create corresponding security goals. The system element becomes an asset if at least one security goal is defined for it. Note: we are going to implement so-called “terminology profiles” that will introduce ISO 21434 terms so that several things will be easier to map.
Leave A Comment