Frontiers in Computer Science (Feb 2024)

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

  • Atul Rana,
  • Sachin Gupta,
  • Bhoomi Gupta

DOI
https://doi.org/10.3389/fcomp.2024.1304288
Journal volume & issue
Vol. 6

Abstract

Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.

Keywords