As cybersecurity becomes central to the development of automotive and other cyber-physical systems, conducting a Threat Analysis and Risk Assessment (TARA) is no longer just a compliance task — it’s a critical part of engineering secure and reliable products.
While many teams still rely on Excel to manage TARA, the complexity of systems is quickly revealing the limitations of spreadsheet-based workflows. Excel may suffice for small, static assessments, but it struggles to scale with increasing interdependencies, cross-functional collaboration, and lifecycle traceability.
To address these limitations, many organizations are shifting towards model-based TARA tools that provide greater structure, traceability, and automation. One example is itemis SECURE, a purpose-built solution that demonstrates how this approach can improve both process efficiency and technical rigor.
Why Excel Falls Short for TARA
Excel’s appeal lies in its flexibility. You can start with a basic template, list your assets and potential threats, and calculate risk ratings using formulas. But as systems grow — both in scale and in interconnectivity — several shortcomings emerge:
- Manual data consistency: Maintaining relationships between assets, threats, and mitigations becomes error-prone.
- No structural modeling: Excel lacks native ways to represent dependencies, attack paths, or system architecture.
- Limited traceability: It’s difficult to track changes, justify updates, or prepare audit-ready documentation.
- Static nature: Risk is evaluated in a fixed snapshot, disconnected from iterative development processes.
- Collaboration friction: Version control, change tracking, and review workflows are often handled outside the spreadsheet, increasing overhead.
For teams working with critical systems, these constraints can slow down both product development and compliance readiness.
Structured Tools as a Solution
To overcome these issues, organizations are increasingly turning to model-based cybersecurity assessment tools. These tools introduce a structured approach to risk modeling, allowing for better alignment with development processes and industry standards such as ISO/SAE 21434 and IEC 62443.
Let’s explore how this structured approach — using itemis SECURE as a reference example — addresses key pain points in traditional TARA workflows:
Structured Modeling vs. Manual Tables
Excel:
TARA in Excel often relies on flat tables with manually created rows for assets, threats, vulnerabilities, impact ratings, etc. Relationships must be manually maintained — which becomes error-prone as the system grows.
itemis SECURE:
Built around a model-based approach, itemis SECURE allows you to define:
- Assets and their hierarchy
- Threats, vulnerabilities, and controls
- Links between elements (e.g., which threats affect which assets)
This structured modeling ensures consistency, reduces duplication, and enables better traceability across risk elements.
Automation and Reusability
Excel:
- Every new project starts with copy-pasting templates.
- Changes to threat catalogs or risk rating formulas must be updated manually.
- Reusing previous TARAs is difficult and often inconsistent.
itemis SECURE:
- Offers template-based reusability
- Supports auto-generated risk graphs and consistent scoring based on configurable logic
- Updates to threat catalogs or scoring models automatically apply across projects
This translates to faster iteration, fewer errors, and much higher efficiency for engineering teams and cybersecurity leads.
Graphical Attack Trees and System-Level Threat Modeling
In Excel, representing multi-stage attacks or system-level threat chains typically requires static tables or manual diagrams. In contrast, itemis SECURE enables you to build dynamic attack trees that visually map:
- How an attacker could traverse from entry points to assets
- Multiple attack steps and conditions
- Relationships between threats, vulnerabilities, and system components
This graphical view not only improves accuracy but also makes TARA more accessible to cross-functional teams and reviewers.
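As an added illustration of what an attack tree computes (example code written for this page, not itemis SECURE's own model or code), the Python sketch below represents multi-stage attacks as AND/OR gates over leaf steps. Each step carries attack-potential factor points in the ISO/SAE 21434 style (elapsed time, expertise, knowledge, window of opportunity, equipment); an AND gate sums its children because every sub-step is needed, an OR gate takes the minimum because the cheapest alternative sets the rating, and the total maps to a feasibility level. The item, step names, point values and rating thresholds are constructed assumptions for the example.

```python
from dataclasses import dataclass
from typing import List, Union

# Attack-potential factors per step (elapsed time, expertise, knowledge of the
# item, window of opportunity, equipment). The point values and the feasibility
# thresholds in feasibility() are assumed for this example, not taken from a
# standard's table; use your organisation's calibrated scales in practice.


@dataclass
class Step:
    """Leaf node: one attack step with its attack-potential factor points."""
    name: str
    elapsed_time: int
    expertise: int
    knowledge: int
    window: int
    equipment: int

    def potential(self) -> int:
        return self.elapsed_time + self.expertise + self.knowledge + self.window + self.equipment


@dataclass
class Gate:
    """Inner node: AND = all children required, OR = any single child suffices."""
    name: str
    kind: str
    children: List["Node"]

    def potential(self) -> int:
        values = [c.potential() for c in self.children]
        if self.kind == "AND":
            return sum(values)   # the attacker must pay for every sub-step
        if self.kind == "OR":
            return min(values)   # rated by the cheapest alternative
        raise ValueError(f"unknown gate kind {self.kind!r}")


Node = Union[Step, Gate]


def feasibility(potential: int) -> str:
    """Map a total attack potential to a feasibility rating (assumed thresholds)."""
    if potential <= 13:
        return "high"
    if potential <= 19:
        return "medium"
    if potential <= 24:
        return "low"
    return "very low"


def easiest_path(node: Node) -> List[str]:
    """Steps on the lowest-potential path, i.e. the scenario reviewers should look at first."""
    if isinstance(node, Step):
        return [node.name]
    if node.kind == "OR":
        return easiest_path(min(node.children, key=lambda c: c.potential()))
    path: List[str] = []
    for child in node.children:          # AND: every child's steps are on the path
        path.extend(easiest_path(child))
    return path


# Constructed example tree for a hypothetical item (not from any real TARA).
EXAMPLE_TREE = Gate("Install unauthorized firmware on brake ECU", "OR", [
    Gate("Via diagnostic port", "AND", [
        Step("Obtain physical access to OBD port", 1, 0, 0, 4, 0),
        Step("Defeat diagnostic authentication", 4, 3, 3, 0, 4),
    ]),
    Gate("Via telematics unit", "AND", [
        Step("Compromise telematics unit remotely", 10, 6, 7, 0, 4),
        Step("Traverse central gateway to brake CAN segment", 4, 3, 3, 0, 4),
    ]),
])

if __name__ == "__main__":
    total = EXAMPLE_TREE.potential()
    print(f"attack potential {total}, feasibility {feasibility(total)}")
    print("easiest path:", " -> ".join(easiest_path(EXAMPLE_TREE)))
```

Because the rating is derived from the tree rather than typed into a cell, changing one leaf's points (say, after a diagnostic-authentication control is strengthened) re-rates every path that contains it, which is the recalculation a flat spreadsheet cannot do on its own.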
Integrated Controls and Iterative Risk Reassessment
One of the most critical aspects of cybersecurity is showing how mitigations (controls) reduce risk — a task that’s tedious and error-prone in Excel.
With itemis SECURE:
- Controls are defined and linked directly to threats or vulnerabilities
- Residual risk levels are recalculated automatically when controls are added or modified
- The tool supports risk iteration, allowing you to track how the risk posture evolves across design refinements or safety reviews
This aligns directly with regulatory expectations for traceable and justified risk reduction.
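To make the difference between linked model elements and flat spreadsheet rows concrete, here is a small model-based TARA in Python, added for this page (it is example code, not itemis SECURE's implementation). It serves both the "Structured Modeling vs. Manual Tables" section and this one: assets, threats and controls are typed objects joined by explicit references, a validate() pass reports dangling links, and residual risk is recomputed from the linked controls every time it is asked for. The sample item, threat scenarios, the control's assumed effect on feasibility and the numeric risk matrix are constructed for the example; only the level names follow the ISO/SAE 21434 vocabulary.

```python
from dataclasses import dataclass
from typing import Dict, List

# Rating scales. Level names follow ISO/SAE 21434 wording; the numeric matrix is
# a constructed example, not the standard's table.
IMPACT_LEVELS = ["negligible", "moderate", "major", "severe"]
FEASIBILITY_LEVELS = ["very low", "low", "medium", "high"]
RISK_MATRIX = [       # rows: impact, columns: feasibility -> risk value 1..5
    [1, 1, 1, 1],     # negligible
    [1, 2, 2, 3],     # moderate
    [1, 2, 3, 4],     # major
    [2, 3, 4, 5],     # severe
]


@dataclass
class Asset:
    id: str
    name: str


@dataclass
class Threat:
    id: str
    asset_id: str        # link: the asset this threat scenario targets
    description: str
    impact: str          # one of IMPACT_LEVELS
    feasibility: str     # inherent attack feasibility, one of FEASIBILITY_LEVELS


@dataclass
class Control:
    id: str
    name: str
    threat_ids: List[str]  # link: the threats this control mitigates
    reduces_by: int        # feasibility levels removed (assumed effect, set by the assessor)


class TaraModel:
    """Minimal model-based TARA: typed elements plus explicit links between them."""

    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}
        self.threats: Dict[str, Threat] = {}
        self.controls: Dict[str, Control] = {}

    def add(self, element) -> None:
        store = {Asset: self.assets, Threat: self.threats, Control: self.controls}[type(element)]
        if element.id in store:
            raise ValueError(f"duplicate id {element.id}")
        store[element.id] = element

    def validate(self) -> List[str]:
        """Consistency checks a spreadsheet cannot enforce: every link must resolve."""
        problems = []
        for t in self.threats.values():
            if t.asset_id not in self.assets:
                problems.append(f"threat {t.id} references unknown asset {t.asset_id}")
            if t.impact not in IMPACT_LEVELS or t.feasibility not in FEASIBILITY_LEVELS:
                problems.append(f"threat {t.id} has an invalid rating")
        for c in self.controls.values():
            for tid in c.threat_ids:
                if tid not in self.threats:
                    problems.append(f"control {c.id} references unknown threat {tid}")
        return problems

    def residual_feasibility(self, threat_id: str) -> str:
        """Apply every control linked to the threat; never drops below 'very low'."""
        level = FEASIBILITY_LEVELS.index(self.threats[threat_id].feasibility)
        for c in self.controls.values():
            if threat_id in c.threat_ids:
                level -= c.reduces_by
        return FEASIBILITY_LEVELS[max(level, 0)]

    def risk(self, threat_id: str) -> Dict[str, int]:
        """Inherent and residual risk, both derived from the model, never stored."""
        t = self.threats[threat_id]
        row = IMPACT_LEVELS.index(t.impact)
        inherent = RISK_MATRIX[row][FEASIBILITY_LEVELS.index(t.feasibility)]
        residual = RISK_MATRIX[row][FEASIBILITY_LEVELS.index(self.residual_feasibility(threat_id))]
        return {"inherent": inherent, "residual": residual}

    def report(self) -> List[str]:
        """Traceable rows: asset -> threat -> linked controls -> inherent/residual risk."""
        rows = []
        for t in self.threats.values():
            ctrls = [c.id for c in self.controls.values() if t.id in c.threat_ids]
            r = self.risk(t.id)
            rows.append(f"{self.assets[t.asset_id].name} | {t.id} | {','.join(ctrls) or '-'} | "
                        f"risk {r['inherent']} -> {r['residual']}")
        return rows


def build_example() -> TaraModel:
    """Constructed sample data for a hypothetical item (not from any real assessment)."""
    m = TaraModel()
    m.add(Asset("A1", "Brake ECU firmware"))
    m.add(Threat("T1", "A1", "Unauthorized firmware update via diagnostic port",
                 impact="severe", feasibility="high"))
    m.add(Threat("T2", "A1", "Firmware image disclosure", impact="moderate", feasibility="medium"))
    return m


if __name__ == "__main__":
    model = build_example()
    print(model.risk("T1"))                                   # before any control
    model.add(Control("C1", "Signed firmware updates", ["T1"], reduces_by=2))
    print(model.risk("T1"))                                   # residual recalculated
    print("\n".join(model.report()))
```

Adding a control is the only edit the assessor makes; the residual feasibility, the residual risk and the report rows follow from the links. The same structure is what makes the audit trail meaningful: a change in a risk level can always be traced to the element whose attribute changed.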
Change Management and Traceability
Excel:
Tracking changes over time is difficult. You may use version history or “diff” tools, but these are rarely tailored to TARA processes.
itemis SECURE:
- Maintains audit trails and versioned changes per element
- Helps teams justify changes in risk levels over time (critical for compliance with ISO/SAE 21434 or IEC 62443)
- Enables collaborative work without conflicting edits or overwrites
This supports structured engineering processes and cross-team reviews across long product lifecycles.
Report Generation: Word & PDF Outputs for Audit Readiness
Unlike Excel, where generating reports typically involves copying and reformatting, itemis SECURE offers ready-to-export documentation:
- Structured reports in Word or PDF, including asset definitions, attack paths, threat catalogs, risk matrices, and control mappings
- Export configurations to support internal reviews, external audits, or certification submissions
- Reports maintain clear traceability across system components, threat scenarios, and mitigation status
XSAM Import & Threat Catalog Reusability
itemis SECURE supports the XSAM (XML Security Assessment Methodology) format, allowing you to:
- Import standardized or custom threat catalogs
- Reuse known threat patterns across multiple products or domains
- Keep libraries up to date without manual duplication
This reduces ramp-up time for new projects and promotes organizational consistency in threat modeling.
Supporting Dynamic, Lifecycle-Aligned TARA
One of the most powerful advantages of itemis SECURE is its ability to support dynamic, ongoing TARA activities. Cybersecurity risks don’t stand still — they evolve as product architecture changes or as new attack vectors are discovered.
itemis SECURE is built to:
- Support iterative TARA updates across product development stages
- Adapt as functional or architectural changes are introduced
- Reflect updated threat catalogs or control strategies without breaking traceability
This makes it a strong fit for organizations embracing agile, V-model, or continuous assurance in the automotive, medical, or industrial sectors.
While Excel can work for early-stage or small-scale TARA exercises, the increasing complexity of connected systems and regulatory demands calls for a more scalable, auditable, and lifecycle-aware approach.
Model-based TARA tools, such as itemis SECURE, offer a path toward more efficient, consistent, and maintainable risk assessments. By enabling structured modeling, automation, and clear traceability, these tools help teams better manage cybersecurity risks — not just for compliance, but as part of a robust product development strategy.
For organizations interested in exploring model-based TARA tools further, you can learn more about itemis SECURE on their official website. If you would like to request an evaluation license or a demo of the tool, please contact us at hello@cyphyi.com.