A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees
Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of differ...
Main Authors: | Atul Rana, Sachin Gupta, Bhoomi Gupta |
---|---|
Format: | Article |
Language: | English |
Published: | Frontiers Media S.A. 2024-02-01 |
Series: | Frontiers in Computer Science |
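Subjects: | attack trees, threat modeling, risk assessment, organizational networks, FAIR approach, quantitative assessment |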
Online Access: | https://www.frontiersin.org/articles/10.3389/fcomp.2024.1304288/full |
_version_ | 1797291677818290176 |
---|---|
author | Atul Rana, Sachin Gupta, Bhoomi Gupta |
collection | DOAJ |
description | Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment. |
first_indexed | 2024-03-07T19:40:13Z |
format | Article |
id | doaj.art-04994af45eb544a5a022a1046daf32f9 |
institution | Directory Open Access Journal |
issn | 2624-9898 |
language | English |
last_indexed | 2024-03-07T19:40:13Z |
publishDate | 2024-02-01 |
publisher | Frontiers Media S.A. |
record_format | Article |
series | Frontiers in Computer Science |
title | A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees |
topic | attack trees, threat modeling, risk assessment, organizational networks, FAIR approach, quantitative assessment |
url | https://www.frontiersin.org/articles/10.3389/fcomp.2024.1304288/full |