Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities.
It combines the existing conceptual, high-level research in economics regarding cost/benefit analysis of threat actors and the static and generalized models currently used in threat analysis.
The initial step of developing this framework required extensive searching for information on the threat actors whose behavior is to be modeled. Once an organization has identified pertinent threats in its sector, it must appropriately identify, categorize and research these threats to understand the types of attacks for which they are known. From this, the decision tree can be developed.
The first branch of the decision tree is the most common initial attack vector for the threat actor. This is written in the uncertainty format of “Success” or “Failure,” and subsequent steps are determined from there.
For example, if a “Success” occurs, then the attacker moves on to other steps of the attack process. However, if the attempt is a “Failure,” it does not mean the attack has failed and the threat ended. The attacker may have only one preferred point of entry, or they may have an arsenal of attack methods with which to make the initial breach.
Once the initial branch is made, subsequent branches are added, considering the possible actions a threat actor may take once the initial foothold is gained. For some threats, this may be a very straightforward process if only one modus operandi (MO) tends to be used. However, the novelty of this framework lies in its flexibility to consider the actions of the attacker if one of these steps fails.
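The Success/Failure tree described above can be sketched in code. This is an added example, not part of the original post: the step names, the tree shape and every probability are constructed assumptions, standing in for estimates an organization would derive from its own threat research.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Step:
    """One uncertainty node: an attacker action ending in Success or Failure."""
    name: str
    p_success: float                     # constructed estimate, not measured data
    on_success: Optional["Step"] = None  # None: attacker objective reached
    on_failure: Optional["Step"] = None  # None: attacker has no fallback left

def paths(step, prob=1.0, trail=()):
    """Yield (trail, probability, reached_objective) for every leaf of the tree."""
    for outcome, p, nxt in (("Success", step.p_success, step.on_success),
                            ("Failure", 1 - step.p_success, step.on_failure)):
        here = trail + (f"{step.name}:{outcome}",)
        if nxt is not None:
            yield from paths(nxt, prob * p, here)
        else:
            yield here, prob * p, outcome == "Success"

def p_objective(root):
    """Total probability that the modeled actor reaches the objective."""
    return sum(p for _, p, reached in paths(root) if reached)

def build_tree(p_preferred=0.3, p_fallback=0.1):
    """Hypothetical actor: one preferred entry vector, one fallback vector."""
    post = Step("post-foothold action", 0.5,
                on_failure=Step("alternate post-foothold action", 0.2))
    fallback = Step("fallback entry vector", p_fallback, on_success=post)
    # A Failure on the first branch does not end the attack: it leads to the fallback.
    return Step("preferred entry vector", p_preferred,
                on_success=post, on_failure=fallback)

if __name__ == "__main__":
    tree = build_tree()
    for trail, p, reached in paths(tree):
        print(f"{p:.3f} {'OBJECTIVE' if reached else 'stopped  '} {' -> '.join(trail)}")
    print("baseline:", round(p_objective(tree), 3))
    # Compare two defensive investments by re-evaluating the same tree.
    print("harden preferred vector:", round(p_objective(build_tree(p_preferred=0.1)), 3))
    print("close fallback vector:  ", round(p_objective(build_tree(p_fallback=0.0)), 3))
```

Re-evaluating the tree with one branch probability lowered shows which control reduces the actor's overall chance of success the most, including the paths that only open after a failed step.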
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/decision-analysis-applications-in-threat-analysis-frameworks/