Likelihood Estimation

Likelihood estimation provides a simplified methodology to evaluate the likelihood of a risk in CycurRISK. This methodology uses one likelihood dimension to perform the evaluation. You can use this approach when you require a clear and straightforward assessment.

This method estimates a threats initial and residual AFR as one of the four values: highly likely, likely, less likely, or unlikely. These values are then translated to an AFR, as shown in Tab. 6.

The likelihood estimation method does not use any attack trees but gives textual descriptions of the considered attack paths. Likelihood estimation is considered less rigorous than the attack potential method.

Likelihood

AFR

highly likely

high

likely

medium

less likely

low

unlikely

very low

Tab. 6: Example - Mapping of likelihood to AFR