Litcius/Paper detail

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

Atul Rana, Sachin Gupta, Bhoomi Gupta

2024Frontiers in Computer Science10 citationsDOIOpen Access PDF

Abstract

Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.

Topics & Concepts

Risk assessmentRisk analysis (engineering)Computer scienceBusinessComputer securityInformation and Cyber SecurityNetwork Security and Intrusion DetectionCybercrime and Law Enforcement Studies