Risk assessment tactics optimizing efficiency and threat-space coverage
This talk is about the design of an attack-centric model for risk assessment that can be used to analyze assessment information and deduce unexplored threats, help prioritize which risks should be attended to and make predictions. The aim of this talk is to present what we see is a need for risk assessment within large enterprises. In particular, we provide a set of requirements that we discuss and show a sketch of a model that satisfies them. Further, we deduce some applications that will help organize (and plan) the risk assessment process of the large enterprise.