Attack Tree Methodology (Continued)
The Five Steps of Capabilities-based Attack Tree Analysis
Attack tree analysis using SecurITree is quick to learn, simple to use, and easy to understand. It can be broken into five simple steps.
1. Create a model of ways the system can be attacked (i.e., the attack scenarios).
2. Predict how your enemies will attack by comparing their capabilities with your vulnerabilities, and estimating the benefits they will obtain from each attack.
3. Evaluate the negative impact on the victim of each attack scenario.
4. Combine your attack predictions with victim impact to determine the level of risk associated with each attack scenario.
5. Use your findings to propose a strategy of countermeasures. Incorporate the countermeasures into your model and repeat steps 2 - 4 to evaluate the effectiveness of the proposals.
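The five steps above, carried through on a small constructed tree, as an added example (not SecurITree code or output). The tree, the two adversary profiles, the dollar values and the likelihood proxy (spare capability on the tightest resource) are assumptions made for illustration.

```python
from itertools import product

# Constructed tree. Node = (kind, name, body); a leaf's body lists what the step
# costs the adversary (cost in $, skill 0-100) and the victim (impact in $).
TREE = ("OR", "Obtain customer records", [
    ("AND", "Use a staff account", [
        ("LEAF", "Phish a staff password", {"cost": 500, "skill": 30, "impact": 0}),
        ("LEAF", "Defeat second factor", {"cost": 5000, "skill": 70, "impact": 100000}),
    ]),
    ("LEAF", "Take unencrypted backup media", {"cost": 200, "skill": 10, "impact": 250000}),
    ("LEAF", "Bribe an administrator", {"cost": 20000, "skill": 5, "impact": 250000}),
])
# Constructed adversary profiles: the most each can spend on any one scenario.
INSIDER = {"cost": 1000, "skill": 20}
CRIME_GROUP = {"cost": 50000, "skill": 80}

def scenarios(node):
    """Step 1: expand AND/OR nodes into attack scenarios (dicts of leaves)."""
    kind, name, body = node
    if kind == "LEAF":
        return [{name: body}]
    parts = [scenarios(child) for child in body]
    if kind == "OR":                      # any one child achieves the goal
        return [s for p in parts for s in p]
    return [{k: v for s in combo for k, v in s.items()}   # AND: all children
            for combo in product(*parts)]

def assess(tree, adversary):
    """Steps 2-4: drop scenarios beyond the adversary's means, score the rest."""
    ranked = []
    for scn in scenarios(tree):
        need = {"cost": sum(l["cost"] for l in scn.values()),
                "skill": max(l["skill"] for l in scn.values())}
        if any(need[r] > adversary[r] for r in need):
            continue                      # step 2: not capable, so not predicted
        # Assumed likelihood proxy: spare capability on the tightest resource.
        ease = 1 - max(need[r] / adversary[r] for r in need)
        impact = sum(l["impact"] for l in scn.values())      # step 3
        ranked.append((round(ease * impact), sorted(scn)))   # step 4
    return sorted(ranked, reverse=True)

def with_countermeasure(tree, leaf, **changes):
    """Step 5: return a copy of the tree with one leaf's values changed."""
    kind, name, body = tree
    if kind == "LEAF":
        return (kind, name, {**body, **changes} if name == leaf else body)
    return (kind, name, [with_countermeasure(c, leaf, **changes) for c in body])

# Assumed effect of encrypting backups: the step now needs skill 90.
HARDENED = with_countermeasure(TREE, "Take unencrypted backup media", skill=90)
```

Calling `assess(HARDENED, CRIME_GROUP)` after `assess(TREE, CRIME_GROUP)` shows the step 5 loop: the backup scenario drops out for both profiles and the bribery scenario becomes the top-ranked risk.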
Why Conventional Risk Analysis Doesn't Work for Hostile Threats
At the most fundamental level, all risk analysis systems try to determine two things: the likelihood that an undesirable event will occur and the damage that will result. For some types of risks (e.g., natural disasters), it is easy to find statistics describing the frequencies of hazards such as hurricanes, tornados, ice storms and floods. These figures can easily be combined with projected damages to arrive at an accurate risk estimate.
Unfortunately, accidental risks are no longer our primary concern. In an increasingly hostile world, neither information systems nor physical infrastructure is safe from deliberate attack. Statistics-based risk assessment approaches are ineffective in these cases because there are no statistics describing the frequency of the attacks. The attacks used may never have been seen before. The attackers may choose their methods to elude our defenses.
Conventional, checklist-based threat risk assessment (TRA) approaches are cumbersome, do not scale, produce recommendations that are hard to defend and are impossible to adapt in a timely fashion as the threat environment changes.