Managing threats by the use of visualisation techniques

Identification of threats in networked systems is one of the important risk management processes that should be followed in order to be aware of all risks. In general, risk assessment guidelines for threat analysis propose to use historical organisation's data, thus, novel and unheard threats often are skipped from an analysis. In this paper, we propose a novel onion skin model (OSM) which consists of visualisation techniques, such as attack graphs, often applied for qualitative and quantitative risk assessment analyses. The model can be used to facilitate in threat identification and decision-making process by focusing on attack scenarios that illustrate vulnerable nodes, threats and shortest attack paths to the attacker's goal. The model can be used as part of risk management practices to improve security awareness through different attack scenarios and manage all system risks