<b>15.4.1.1 Prerequisites</b><br/>The following shall be available:<br/>— item definition [WP-09-01].<br/><b>15.4.1.2 Further supporting information</b><br/>The following information can be considered:<br/>— cybersecurity specifications [WP-10-01];<br/>— damage scenarios [WP-15-01];<br/>— assets with cybersecurity properties [WP-15-02].<br/><b>15.4.2 Requirements and recommendations</b><br/><b>[RQ-15-03] </b>Threat scenarios shall be identified and include:<br/>— targeted asset;<br/>— compromised cybersecurity property of the asset; and<br/>— cause of compromise of the cybersecurity property.<br/>NOTE 1 Further information can be included or associated with a threat scenario, e.g. damage scenarios, technical interdependencies between assets, attackers, methods, tools, and attack surfaces.<br/>NOTE 2 The method for threat scenario identification can use group discussion and/or systematic approaches, for example: <br/><br/>— elicitation of malicious use cases resulting from reasonably foreseeable misuse and/or abuse;<br/>— threat modelling approaches based on frameworks such as EVITA, TVRA], PASTA], STRIDE (spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege).<br/>NOTE 3 A damage scenario can correspond to multiple threat scenarios and a threat scenario can lead to multiple damage scenarios.<br/>EXAMPLE Spoofing of CAN messages for the braking ECU leads to loss of integrity of the CAN messages and thereby to loss of integrity of the braking function.<br/><br/>based on ISO21434:2021<br/><br/><br/>