Likelihood Estimation versus Attack Potential
The two methodologies differ in how a threat's Attack Feasibility Rating (AFR) is determined.
The likelihood estimation method estimates a threat's initial and residual attack feasibility as one of four likelihood values: highly likely, likely, less likely, or unlikely. These values are then translated to an AFR, as shown in Tab. 6.
The attack potential method, in contrast, analyzes attack paths using attack trees and rates them with a so-called attack potential, which is subsequently translated to an AFR.
The likelihood estimation method does not use any attack trees but gives textual descriptions of the considered attack paths. Likelihood estimation is considered less rigorous than the attack potential method.
| Likelihood | AFR |
|---|---|
| highly likely | high |
| likely | medium |
| less likely | low |
| unlikely | very low |