Glossary · ISO/SAE 21434
Attack Path
Sequence of attacker steps from initial access to compromise of a cybersecurity property.
An attack path is a multi-step chain — typically modelled as an attack tree — that takes an attacker from an initial entry point through intermediate compromises to the final realisation of a threat scenario. Attack-path analysis is the basis for attack-feasibility scoring and for identifying the controls that must be in place at each step.
Related terms
Graphical representation of attacker goals, sub-goals, and the steps that achieve them.
Estimation of how achievable an attack path is, expressed via factors such as elapsed time, expertise, knowledge, opportunity, and equipment.
Plausible way an attacker can compromise a cybersecurity property of an asset.