Bridging two worlds: Reconciling practical risk assessment methodologies with theory of attack trees

Authors :
Gadyatskaya, Olga
Harpes, Carlo
Mauw, Sjouke
Muller, Cedric
Muller, Steve
Kordy, Barbara
Ekstedt, Mathias
Kim, Dong Seong
European Commission - EC [sponsor]
Interdisciplinary Centre for Security, Reliability and Trust - SnT [research center]
Source :
Proc. of GraMSec, Springer (2016); Graphical Models for Security: Third International Workshop, GraMSec 2016 (GraMSec@CSF), Lisbon, Portugal, June 27, 2016, Revised Selected Papers, pp. 80-93; ISBN: 9783319462622
Publication Year :
2016

Abstract

Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this short paper we propose to bridge the gap between these two worlds by introducing the optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology.

Details

Language :
English
ISBN :
978-3-319-46262-2
ISBNs :
9783319462622
Database :
OpenAIRE
Accession number :
edsair.doi.dedup.....e20b2b224778346fd666f5bf27e9fb1f