Threat-based risk analysis
Unlike other methods of risk analysis, Rizikon doesn't look solely at your vulnerabilities. It combines information about your organisation and the types of attacker that may attack it. We call these 'Threat Actors'. Different actors have different motivations and capabilities. By mapping these capabilities against your vulnerabilities, we can derive a quantitative risk analysis and calculate likelihood of a successful attack.
The Direct Attack Path Analysis (DAPA) Algorithm
The DAPA Algorithm was developed by Professor David Stupples and his team at the Centre for Cyber and Security Sciences at City University, London.
It is based on research carried out in the nuclear industry to protect staff and facilities.
The method looks at all the paths by which an attacker might try to cause a breach in the organisation's system. This can be done by directly attacking from outside the perimeter of the system or by trying to have some form of malware transported into the system by a carrier (known as a mule).
The mule can be knowingly maliciously attacking the system (such as in the case of a bribed employee or someone carrying a grudge), or unwittingly transporting the malware (if it is hidden or disguised as legitimate software on some device).
We break down these paths of attack into 'Attack Vectors' and model each one based on the information we have gathered about your organisation. We use it to provide an overall probability of successful attack and the most likely means by which it could be executed.
In addition, Rizikon also provides you with advice and guidance on the configuration of any systems and equipment you already have in place.