Protection Goals
Protection goals such as confidentiality and integrity can be defined to specify the impact category of an attack scenario. This may be useful for risk assessment. For example, an exposed secret key may have a critical impact regarding confidentiality, but the deletion (availability) may be rated as moderate.
Protection goals are an optional feature and can be activated/deactivated in the project settings (Modeling > Project Information).
Protection goals can be pre-configured in threat rules, threat categories, and attack vectors. If an attack scenario references any of these, their protection goals will be adopted.
It is possible to define the impact on protection goals for assets and system threats. As mentioned before, the impact may be different. This information can be used in attack scenarios for automating risk assessment.
Tip
If an attack scenario affects several protection goals, it may be advisable to divide this attack into several attack scenarios.
A diagram showing the attack scenarios per protection goal can be configured in the dashboard.