Attack Tree Methodology
SecurITree's methodology represents a major breakthrough in threat risk analysis (TRA). It is based on a very simple premise:
Every organization has enemies. They may be Internet computer hackers, competitors, dishonest employees, terrorists or even foreign governments. Whether or not your enemies will use a particular attack against you depends on whether they have what it takes to perform the attack. Amenaza calls this wherewithal "capability". An adversary's capability includes many things: financial resources, technical skill, the ability to acquire the materials needed for an attack and a willingness to accept the consequences of their actions. Different types of attackers have differing amounts of these resources, and this constrains the types of attacks they will use.
SecurITree allows an analyst to describe possible attacks against a system in the form of a graphical, mathematical model called an attack tree. The capabilities of motivated attackers are compared with the resources required to perform specific attacks in the model through a process called "pruning". Attacks that are beyond the adversary's capability are removed from the model. The remaining attacks are considered highly likely. Amenaza refers to this type of analysis as Capabilities-based Attack Tree Analysis.
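The pruning step described above can be sketched in a few lines of Python. This is an added example, not SecurITree's implementation or file format: the AND/OR node types, the three resource names (cost, skill, risk), the rule for aggregating them across an AND branch, and all values in the sample tree and adversary profiles are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    kind: str = "LEAF"                            # "LEAF", "AND" or "OR"
    needs: dict = field(default_factory=dict)     # resources a leaf attack requires
    children: list = field(default_factory=list)

def scenarios(node):
    """Expand the tree into attack scenarios, each a list of leaf nodes."""
    if node.kind == "LEAF":
        return [[node]]
    parts = [scenarios(c) for c in node.children]
    if node.kind == "OR":                         # any one child achieves the goal
        return [s for p in parts for s in p]
    # AND: every child is needed, so combine one scenario from each child
    return [sum(combo, []) for combo in product(*parts)]

def required(scenario):
    """Assumed aggregation: costs add up; skill and risk follow the hardest step."""
    return {"cost": sum(l.needs["cost"] for l in scenario),
            "skill": max(l.needs["skill"] for l in scenario),
            "risk": max(l.needs["risk"] for l in scenario)}

def prune(tree, capability):
    """Drop scenarios that exceed the adversary's capability in any resource."""
    return [[l.name for l in s] for s in scenarios(tree)
            if all(v <= capability[k] for k, v in required(s).items())]

def leaf(name, cost, skill, risk):
    return Node(name, needs={"cost": cost, "skill": skill, "risk": risk})

# Constructed sample model and adversary profiles (illustrative values only).
TREE = Node("Obtain customer database", "OR", children=[
    leaf("Bribe an insider", 20000, 1, 8),
    Node("Break in via remote access", "AND", children=[
        leaf("Phish credentials", 500, 4, 3),
        leaf("Bypass MFA", 2000, 7, 3)]),
    leaf("Steal backup tape", 1000, 2, 9)])
EMPLOYEE = {"cost": 1500, "skill": 3, "risk": 9}      # low budget, accepts high risk
COMPETITOR = {"cost": 50000, "skill": 8, "risk": 4}   # well funded, risk averse

if __name__ == "__main__":
    for who, cap in (("employee", EMPLOYEE), ("competitor", COMPETITOR)):
        print(who, prune(TREE, cap))
```

The same tree yields a different surviving attack for each adversary profile, which is why mitigation priorities depend on which adversaries are considered motivated.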
Organization-specific information is added to the model showing the projected impact of specific attacks on the victim. When this information is combined with the attack identification analysis described above, the result is an understanding of the risks associated with a system's vulnerabilities. This allows intelligent risk mitigation decisions.
