A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

2Citations
Citations of this article
6Readers
Mendeley users who have this article in their library.

Abstract

Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.

Cite

CITATION STYLE

APA

Rana, A., Gupta, S., & Gupta, B. (2024). A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees. Frontiers in Computer Science, 6. https://doi.org/10.3389/fcomp.2024.1304288

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free