Answer to Question #281127 in Algorithms for candy

Attack Trees could be used to analyze problems in many different domains

including but not limited to Oil/gas pipelines, Chemical Plants, Information Technology,

Infrastructure, and Facilities. However, applying Attack Trees to analyze problems we

are familiar with may be overkill. For instance, attacks which happen frequently (such as

house break-ins) are well understood and intuitive.

Attack Trees are typically applied for architecture risk analysis and hence may

describe attacks for specific protocols that appear in the architecture. That level of detail

is not necessary for requirements engineering. An Attack Tree for requirements

engineering might start with the risks identified during a preliminary risk analysis and be

refined by the analysis of the concept of operations.

While the generation of an Attack Tree can be done incrementally and be refined by

multiple contributors, there is no guarantee of completeness. Often attacker-specific

information is a best guess. An Attack Tree can be quite detailed, and that detail increases

the cost of both creation and maintenance, particularly for a large system. On the other

hand, widely applicable attacks trees could be shared and hence refined by a relatively

large collection of experts. But, it should be note that Attack Trees do not necessarily

represent all possible attacks. The unrepresented attacks may be more prevalent as we

deploy larger and more complex systems.