Decision Analysis Applications in Threat Analysis Frameworks

by Tripwire Guest Authors on July 19, 2018

Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities.

It combines the existing conceptual, high-level research in economics regarding cost/benefit analysis of threat actors and the static and generalized models currently used in threat analysis.

The initial step of developing this framework required extensive searching for information on the threat actors whose behavior is to be modeled. Once an organization has identified pertinent threats in its sector, it must appropriately identify, categorize and research these threats to understand the types of attacks for which they are known. From this, the decision tree can be developed.

The first branch of the decision tree is the most common initial attack vector for the threat actor. This is written in the uncertainty format of “Success” or “Failure,” and subsequent steps are determined from there.

For example, if a “Success” occurs, then the attacker moves on to other steps of the attack process. However, if the attempt is a “Failure,” it does not mean the attack has failed and the threat ended. The attacker may have only one preferred point of entry, or they may have an arsenal of attack methods with which to make the initial breach.

Once the initial branch is made, subsequent branches are added, considering the possible actions a threat actor may take once the initial foothold is gained. For some threats, this may be a very straightforward process if only one MO tends to be used. However, the novelty of this framework exists in its flexibility to consider the actions of the attacker if one of these steps fails.
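The Success/Failure tree described above can be evaluated numerically once each step has an estimated success probability. The following is an added example, not code from the original post or its author: the step names and probabilities are constructed placeholders, and the `control_impact` helper is a hypothetical extension that shows a defender which step is most worth hardening.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Step:
    """One uncertainty node: an attacker action that ends in Success or Failure."""
    name: str
    p_success: float                     # analyst estimate (constructed here)
    on_success: Optional["Step"] = None  # next action once this step succeeds
    on_failure: Optional["Step"] = None  # alternate action the actor falls back to

def enumerate_paths(step, prob=1.0, trail=()):
    """Yield (path, probability, final outcome) for every leaf of the tree."""
    branches = (("Success", step.p_success, step.on_success),
                ("Failure", 1.0 - step.p_success, step.on_failure))
    for outcome, p, nxt in branches:
        path = trail + (f"{step.name}:{outcome}",)
        if nxt is None:
            yield path, prob * p, outcome      # leaf: chain completed or abandoned
        else:
            yield from enumerate_paths(nxt, prob * p, path)

def p_objective(root):
    """Probability mass of all paths that end in a Success leaf."""
    return sum(p for _, p, outcome in enumerate_paths(root) if outcome == "Success")

def control_impact(root, steps, factor=0.5):
    """Drop in P(objective) if a control scales one step's success chance by factor."""
    base = p_objective(root)
    impact = {}
    for s in steps:
        original = s.p_success
        s.p_success = original * factor        # model the control on this step only
        impact[s.name] = base - p_objective(root)
        s.p_success = original                 # restore the estimate
    return impact

def build_example():
    """Constructed tree: two entry vectors, two post-foothold actions."""
    post_alt = Step("post_foothold_alternate", 0.4)
    post = Step("post_foothold_preferred", 0.5, on_failure=post_alt)
    entry_alt = Step("entry_alternate", 0.2, on_success=post)
    entry = Step("entry_preferred", 0.3, on_success=post, on_failure=entry_alt)
    return entry, [entry, entry_alt, post, post_alt]

if __name__ == "__main__":
    root, steps = build_example()
    for path, p, _ in enumerate_paths(root):
        print(f"{p:.3f}  {' -> '.join(path)}")
    print("P(objective) =", round(p_objective(root), 3))
    print(control_impact(root, steps))
```

Note that a failed preferred entry does not end the tree: the alternate entry vector feeds the same post-foothold steps, which is why the failure branches still contribute to the overall probability.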

For (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/featured/decision-analysis-applications-in-threat-analysis-frameworks/

July 19, 2018 | July 20, 2018 | Tripwire Guest Authors | BSides Las Vegas, Featured Articles, Threat analysis, Turla