A critical component of risk management is thinking like an adversary. One approach that has been developed to analyze risk from an attacker's view point is the use of attack trees.
The objective of this assignment is to learn how to create attack trees.
1. Create an attack tree for accessing John Doe's Gmail email account.
2. Create an attack tree for penetrating a computer network or computer application that you are familiar with.
- Present your attack tree as a figure (as we discussed in class)
- Your attack trees should be as complete as possible -- try not to overlook any branches. For each tree, you must have at least one path with at least four levels (where the levels include the root and the leaf nodes).
- Sometimes attack trees can be very deep, with many branches. For this assignment, limit the attack path to 5 levels. Add a note stating that this node can be expanded further.
3. There are two variations of the OCTAVE method of risk assessment, namely, OCTAVE-S, and OCTAVE-Allegro. What is the difference between the two variants? (1 paragraph of at least 4 lines). When would you use one over the other? Explain. (1 paragraph of at least 4 lines)