Bridging Two Worlds: Reconciling Practical Risk Assessment Methodologies with Theory of Attack Trees

Olga Gadyatskaya, Carlo Harpes, Sjouke Mauw, Cedric Muller, Steve Muller

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    11 Citations (Scopus)

    Abstract

    Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this paper we propose to bridge the gap between these two worlds by introducing the optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology.
    Original language: English
    Title of host publication: Graphical Models for Security
    Subtitle of host publication: Third International Workshop, GraMSec 2016, Lisbon, Portugal, June 27, 2016, Revised Selected Papers
    Editors: Barbara Kordy, Mathias Ekstedt, Dong Seong Kim
    Place of Publication: Cham
    Publisher: Springer
    Pages: 80-93
    Number of pages: 14
    ISBN (Electronic): 978-3-319-46263-9
    ISBN (Print): 978-3-319-46262-2
    Publication status: Published - 8 Sep 2016
    Event: 3rd International Workshop on Graphical Models for Security, GraMSec 2016 - Lisbon, Portugal
    Duration: 27 Jun 2016 to 27 Jun 2016
    Conference number: 3

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer
    Volume: 9987
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349
    Name: Security and Cryptology
    Publisher: Springer

    Workshop

    Workshop: 3rd International Workshop on Graphical Models for Security, GraMSec 2016
    Abbreviated title: GraMSec
    Country: Portugal
    City: Lisbon
    Period: 27/06/16 to 27/06/16

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EC Grant Agreement nr.: FP7/2007–2013
    • IR-101549
    • METIS-318530
    • EWI-27242
