Abstract

This chapter presents the cyber adversary characterization model. Cyber adversary characterizations can be divided into two categories: (1) characterizations that are of an entirely theoretical nature (such as characterizations of the risk that a specific, theoretical adversary subset may pose to a given asset) and (2) post-incident or forensic characterizations, which assess the threat that a “real,” characterized individual may pose to a given asset, using information available only after an incident has occurred (such as intrusion detection data). Theoretical characterization metrics, which largely rely upon quantitative data, can never be accurate without first considering real case studies (of actual cyber adversaries) from which the quantitative data must be derived. The cyber adversary model provides a framework that is divided into several properties and that, when populated, aids in the ultimate goal of being able to accurately observe the relationship between adversary and target. This chapter summarizes some of the constant and conditional property relationships that can exist.
