System Overview

This page describes the activities that make up the system overview. All of these steps are optional: the system can be modelled and analyzed for threats without completing them. They are nevertheless recommended, because their outcome supports a common understanding of the system among both external and internal stakeholders.

Characterization & Scope

The goal of this step is to provide an overview of the system under consideration and to define the scope of this threat analysis process. The result can serve as a high-level system description.

Business Objectives & Impact Definition

A security incident can have a negative impact on system manufacturers as well as operators. The aim of this step is to become aware of the potential risk. Apart from financial damage, reputation is also at stake. The outcome can also help to determine the tolerable risk. Ultimately, this step also serves as a way to justify costs for security and privacy measures. This step can be skipped if you are aware of the impact and the business objectives have already been set.

Assumptions & Constraints

Assumptions & Constraints (ACs) can be used, among other things, to document decisions. For example, it might be necessary to state an assumption about the architecture, the implementation, the intended use, or the intended operational environment. Further use cases include constraints, references to other analyses, and definitions.

A special use case is fixing the rating metrics used in the risk assessment. For example, it could be defined that an Internet-connected device always has High exposure, that the exploitability of breaking state-of-the-art encryption is Low, or that an impact on safety is always considered Critical. ACs are further described in the Configuration. Assigning ACs to attack scenarios is described in Risk Assessment (see No. 5).
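The three rating ACs above, as an added example that is not code from this page or its tool, applied to constructed attack scenarios so that each override of an analyst's rating is logged for traceability. The four-level rating scale, the tag-based predicates, the scenario names and the `apply_acs` function are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable
# Assumed ordered rating scale; the page names Low, High and Critical but not the full scale.
LEVELS = ["Low", "Medium", "High", "Critical"]

@dataclass
class AttackScenario:
    name: str
    tags: set            # properties an AC predicate can test (assumed tag names)
    ratings: dict        # analyst's initial rating per metric

@dataclass
class AssumptionConstraint:
    name: str
    metric: str          # rating metric the AC fixes
    value: str           # the fixed rating it imposes
    applies_to: Callable[[AttackScenario], bool]

# The three rating ACs from the text, with hypothetical predicates over scenario tags.
ACS = [
    AssumptionConstraint("AC-1 Internet-connected devices have High exposure",
                         "exposure", "High", lambda s: "internet_connected" in s.tags),
    AssumptionConstraint("AC-2 Breaking state-of-the-art encryption is Low exploitability",
                         "exploitability", "Low", lambda s: "breaks_encryption" in s.tags),
    AssumptionConstraint("AC-3 Impact on safety is Critical",
                         "impact_safety", "Critical", lambda s: "safety_relevant" in s.tags),
]

def apply_acs(scenarios, acs):
    """Overwrite analyst ratings with the AC-fixed values; return a change log."""
    log = []
    for ac in acs:
        if ac.value not in LEVELS:
            raise ValueError(f"{ac.name}: unknown rating {ac.value!r}")
        for s in scenarios:
            if not ac.applies_to(s):
                continue
            old = s.ratings.get(ac.metric)
            if old != ac.value:  # record every rating the AC actually changed
                log.append((s.name, ac.metric, old, ac.value, ac.name))
            s.ratings[ac.metric] = ac.value
    return log

# Constructed sample scenarios whose analyst ratings deliberately conflict with the ACs.
SCENARIOS = [
    AttackScenario("Tamper with device via cloud API", {"internet_connected", "safety_relevant"},
                   {"exposure": "Medium", "exploitability": "Medium", "impact_safety": "High"}),
    AttackScenario("Decrypt recorded TLS traffic", {"breaks_encryption"},
                   {"exposure": "High", "exploitability": "High", "impact_safety": "Low"}),
]
```

Running `apply_acs(SCENARIOS, ACS)` returns three log entries, one per rating the ACs overrode, while ratings the ACs do not cover keep the analyst's values.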

System Interaction

It is recommended to create a high-level architecture diagram, called a system context diagram, to visualize all involved systems, actors, and their interactions. The system context diagram is described in more detail here.

Use Cases

Visualizing all use cases helps to ensure, in the later stages of the analysis, that no case has been overlooked. The most important security-relevant use cases should be drawn in the use case diagram. Adding actors helps you to think about which role has which rights.