Why Attack Trees? Provide well documented method of exploring every possibility an adversary has (technical and non-technical). Data presentation in tree format allows: Easy gap identification Selective elaboration based on location in the tree Ability to assign attributes for nodes of the tree: Impact of the attack Ease of attack execution Cost of the attack Presence of countermeasures (such as best practices) Access/trust requirements to conduct attack http://www.ddj.com/documents/s=896/ddj9912a/9912a.htm http://www.cert.org/archive/pdf/01tn001.pdf |