Open Access. Powered by Scholars. Published by Universities.®
![Digital Commons Network](http://assets.bepress.com/20200205/img/dcn/DCsunburst.png)
Databases and Information Systems Commons™
Open Access. Powered by Scholars. Published by Universities.®
Articles 1 - 1 of 1
Full-Text Articles in Databases and Information Systems
Determining Vulnerability Using Attack Graphs: An Expansion Of The Current Fair Model, Beth M. Anderson
Determining Vulnerability Using Attack Graphs: An Expansion Of The Current Fair Model, Beth M. Anderson
EWU Masters Thesis Collection
Factor Analysis of Information Risk (FAIR) provides a framework for measuring and understanding factors that contribute to information risk. One such factor is FAIR Vulnerability; the probability that an event involving a threat will result in a loss. An asset is vulnerable if a threat actor’s Threat Capability is higher than the Resistance Strength of the asset. In FAIR scenarios, Resistance Strength is currently estimated for entire assets, oversimplifying assets containing individual systems and the surrounding environment. This research explores enhancing estimations of FAIR Vulnerability by modeling interactions between threat actors and assets through attack graphs. By breaking down the …