Cybersecurity Threat Analysis and Risk Management

The field of cybersecurity is moving towards more comprehensive and systematic approaches to threat analysis and risk management. Researchers are exploring new methodologies and frameworks to model, visualize, and analyze cyber threats, attack paths, and their impact on user services. There is a growing emphasis on integrating network and attack graphs to enable service-centric impact analysis and develop more effective protection and mitigation measures. Additionally, the use of ontological analysis and logical frameworks is becoming more prevalent to improve the adequacy and interoperability of security models. Noteworthy papers include:

  • A paper that introduces a logic-based framework for reasoning about safety, security, and defense interactions in Attack-Fault-Defense Trees, enabling domain experts to express complex analysis goals through intuitive templates.
  • A paper that presents a novel methodology for modeling, visualizing, and analyzing cyber threats, attack paths, and their impact on user services in enterprise or infrastructure networks. These contributions are advancing the field by providing more robust and systematic approaches to cybersecurity threat analysis and risk management.

Sources

Efficient Cybersecurity Assessment Using SVM and Fuzzy Evidential Reasoning for Resilient Infrastructure

Querying Attack-Fault-Defense Trees: Property Specification in Smart Grid and Aerospace Case Studies

An ontological lens on attack trees: Toward adequacy and interoperability

Integrating Network and Attack Graphs for Service-Centric Impact Analysis

Built with on top of