Security risk mapping of potential targets

摘要

A method comprising: receiving an identification of the target assets at risk of being attacked and of the technology layers of the organization, wherein each of the target assets may instantiate in multiple ones of the technology layers; constructing multiple attack vectors for each of at least a portion of said target assets, by determining for each attack vector three target dimensions, each of a category of: method of achieving a malicious objective, method of attack enablement and method of initial penetration; and estimating the security risk of each of said multiple attack vectors, wherein the estimating of the security risk of an attack vector of said multiple attack vectors is based on probabilities of success of the combinations of a technology layer and an attack method characterizing each of the target dimensions of the attack vector.