Attack Path and Feasibility Analysis – Video course

Know the steps to perform an attack path analysis and how to evaluate attack feasibilities

In this video course, you will not only learn what the attack path analysis and the feasibility analysis are, but also understand how each is done based on best practices. For instance, you will learn how to perform an attack path analysis using the recommended top-down approach with the linear attack path structure. Additionally, you will learn how to calculate attack feasibility values.


Perform the attack path analysis and feasibility analysis based on best practices and in a systematic way

After the threat analysis and defining the resulting threat scenarios, we need to know how likely it is for a threat scenario to be realized by an attack. This is why the Attack Path and Feasibility Analysis must be performed as part of the TARA. In this video course, we will precisely explain both analyses, taking ISO/SAE 21434 requirements into consideration.

First, we will take a look at where the attack path and feasibility analysis are located in the overall TARA process and how they are used as input for the following activity, risk determination.

Right after that, you will get an overview of the top-down and bottom-up approaches for the attack path analysis, as well as a visual clarification of how the threat scenarios previously defined during the threat analysis are included here.

Once you understand how the top-down approach works, you will get an explanation of the linear attack path structure recommended by best practices, since defining the structure is the next step in the attack path analysis. In a visual example, you will see how the threat scenarios and the attack paths for each of them are presented based on this structure. You will also get a visual overview of how to systematically identify all attacks for each threat scenario in order to define the corresponding descriptions.

As for the feasibility assessment, we will explain what the process entails and which attack feasibility rating schemes are recommended by ISO/SAE 21434. You will also learn which parameters are used for the feasibility assessment and what their corresponding levels are. Finally, a visual example will show you how feasibility calculations are done by taking the levels and values into account.

Who the “Attack Path and Feasibility Analysis” video course is made for:

For system engineers

In this video course, you will learn how to improve the security of your system by performing a path analysis that provides you with more information about potential attacks and uncovers potential vulnerabilities in the system.

For software engineers

Just as for system engineers, knowing how likely it is that an attack can be realized is important for enabling better security measures across systems, especially when cybersecurity measures are yet to be determined.

Attack Path and Feasibility Analysis – Video course content

I. Attack Path and Feasibility Analysis – video course introduction

Here, we will list the learning objectives of this video course and why they are important for your role and ISO/SAE 21434 compliance.

II. ISO/SAE 21434 Risk Assessment Process

Understand where the attack path analysis and attack feasibility assessment take place in the TARA, how they derive from the threat analysis and why they are necessary for further activities.

III. Attack Path Analysis

Understand the two main approaches to deriving attacks, the top-down approach and the bottom-up approach, and see in a visual overview how the threat scenarios resulting from the threat analysis are involved. You will also get recommendations on the use of both.

IV. Choosing a structural approach to attack path analysis

Since ISO/SAE 21434 does not clarify how to implement a top-down attack path analysis (the preferred approach), we will recommend and explain the linear attack path structure and show you what the end result looks like, considering threat scenarios and attack paths.

V. Deriving the attack paths

Get a visual overview of the actions to perform to identify all attacks targeting each of the previously defined threat scenarios, and of how the attack paths and their corresponding descriptions are derived from them. An example is included.

VI. Attack feasibility assessment

Learn what the attack feasibility assessment process is, how it serves risk determination together with the impact assessment, and what some of the ISO/SAE 21434 recommendations for attack feasibility rating schemes are.

VII. Attack potential factors

In this section, we will introduce and thoroughly explain the five parameters used for feasibility assessment and their corresponding possible levels (enumerated values).

VIII. Deriving feasibilities

Understand how feasibility calculations are done by taking into account the enumerated levels of the previously introduced parameters and assigning values to them. An example of the calculation is included.

IX. Lessons learned on Attack Path and Feasibility Analysis video course

Here, you will get a summary of the main takeaways from this video course.
