ICST Conference

ISGIG 2008

First International Symposium on Global Information Governance 2008

March 13 - 14, 2008, Pisa, Italy

Fabrizio Baiardi

Professor
Department of Computer Science, University of Pisa


We outline a framework for the risk assessment of information infrastructures that generalizes the notion of dependency with respect to attributes such as confidentiality, integrity or availability. Dependencies are used to model an infrastructure at distinct abstraction levels and to discover attack strategies as well as risk mitigation plans. A plan is formulated in terms of sets of countermeasures because single countermeasures may be ineffective due to alternative threat attack strategies. We do not detail the assessment steps but show how the proposed framework supports their integration to define risk mitigation plans. Lastly, we consider programming tools to support the assessment.