Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this short paper we propose to bridge the gap between these two worlds by introducing optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology
Risk assessment (threat analysis) is traditionally performed by a group of human analysts (think Del...
Attack-defense trees are a novel methodology for graphical security modelling and assessment. They e...
To cope up the network security measures with the financial restrictions in the corporate world is s...
Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to...
Risk treatment is an important part of risk management, and deals with the question which security c...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
<p>Attack tree (AT) is one of the widely used non-statespace</p><p>models in security analysis. The ...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Constraints such as limited security investment cost precludes a security decision maker from implem...
Attack-defence trees are a promising approach for representing threat scenarios and possible counter...
Attack-defence trees are a promising approach for representing threat scenarios and possible counter...
Attack tree (AT) is one of the widely used non-state-space models for security analysis. The basic f...
International audienceAttack trees are widely used in the fields of defense for the analysis of risk...
In modeling system response to security threats, researchers have made extensive use of state space ...
Risk assessment (threat analysis) is traditionally performed by a group of human analysts (think Del...
Attack-defense trees are a novel methodology for graphical security modelling and assessment. They e...
To cope up the network security measures with the financial restrictions in the corporate world is s...
Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to...
Risk treatment is an important part of risk management, and deals with the question which security c...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
<p>Attack tree (AT) is one of the widely used non-statespace</p><p>models in security analysis. The ...
Efficient risk assessment requires automation of its most tedious tasks: identification of vulnerabi...
Constraints such as limited security investment cost precludes a security decision maker from implem...
Attack-defence trees are a promising approach for representing threat scenarios and possible counter...
Attack-defence trees are a promising approach for representing threat scenarios and possible counter...
Attack tree (AT) is one of the widely used non-state-space models for security analysis. The basic f...
International audienceAttack trees are widely used in the fields of defense for the analysis of risk...
In modeling system response to security threats, researchers have made extensive use of state space ...
Risk assessment (threat analysis) is traditionally performed by a group of human analysts (think Del...
Attack-defense trees are a novel methodology for graphical security modelling and assessment. They e...
To cope up the network security measures with the financial restrictions in the corporate world is s...