Glossary · ISO/SAE 21434

Attack Tree

Graphical representation of attacker goals, sub-goals, and the steps that achieve them.

An attack tree decomposes an attacker objective into AND/OR branches of progressively concrete sub-steps. It is one of the most common ways to express an attack path during ISO/SAE 21434 TARA, because it makes coverage gaps and control placement obvious.

Related terms

Attack Path
Sequence of attacker steps from initial access to compromise of a cybersecurity property.
Attack Feasibility
Estimation of how achievable an attack path is, expressed via factors such as elapsed time, expertise, knowledge, opportunity, and equipment.

Need help applying Attack Tree on a programme? Use the contact form or request a KAVACH demo.

Attack Tree

Attack Path

Attack Feasibility