Attack Trees and Prioritizing Risk
Ranking threats and choosing mitigations.
What an Attack Tree Is
An attack tree is a diagram that models how an attacker could achieve a goal. The goal sits at the root, and the branches show the different paths and sub-steps required to reach it.
Where STRIDE enumerates threat types, attack trees explore the concrete paths an attacker might take. They are excellent for reasoning about a specific high-value target.
Root Goals and Sub-Goals
The root node is the attacker's ultimate objective, such as 'steal customer payment data.' Child nodes are the sub-goals or methods that achieve the parent.
You build the tree by repeatedly asking: 'How could an attacker accomplish this node?' Each answer becomes a child, and you keep decomposing until you reach concrete, actionable leaf actions.
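An added example, not part of the original lesson: a small attack tree in Python that decomposes the lesson's root goal and finds the lowest-effort path to it, then re-evaluates after a mitigation. It goes beyond the text by marking each node as OR (any one child suffices) or AND (every child is required); the sub-goals and effort scores are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    label: str
    kind: str = "LEAF"   # "OR": any one child achieves it; "AND": every child is needed
    cost: int = 0        # constructed attacker-effort score, used on leaves only
    children: list = field(default_factory=list)

def cheapest(node):
    """Return (total effort, leaf actions) for the lowest-effort way to reach node."""
    if node.kind == "LEAF":
        return node.cost, [node.label]
    results = [cheapest(child) for child in node.children]
    if node.kind == "AND":
        # All sub-steps are required, so efforts add up and every leaf is on the path.
        return (sum(c for c, _ in results),
                [leaf for _, path in results for leaf in path])
    # OR node: the attacker picks the cheapest alternative.
    return min(results, key=lambda r: r[0])

def find(node, label):
    """Depth-first lookup of a node by label."""
    if node.label == label:
        return node
    for child in node.children:
        hit = find(child, label)
        if hit is not None:
            return hit
    return None

def build_tree():
    # Constructed sample tree; only the root goal comes from the lesson text.
    return Node("steal customer payment data", "OR", children=[
        Node("read data from the database", "AND", children=[
            Node("obtain database credentials", cost=4),
            Node("reach the database network segment", cost=3),
        ]),
        Node("capture unencrypted internal traffic", cost=5),
        Node("read an unencrypted backup", cost=4),
    ])

if __name__ == "__main__":
    tree = build_tree()
    print(cheapest(tree))                                # weakest path before any fix
    find(tree, "read an unencrypted backup").cost = 9    # model a mitigation (encrypt backups)
    print(cheapest(tree))                                # the weakest path shifts elsewhere
```

Raising the cost of one leaf and re-running shows which path becomes the next priority, which is the ranking step the tree supports.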