Attack Effort


Attack Effort (or Access Complexity) is to account for the combination of time, knowledge, resources, and potential consequences to an Attacker when conducting a specific attack.

Appears the Common Vulnerabilities and Exposures (CVE) refers to this as "Exploitability Metrics"

Often there are CPU efforts required within the Attack Effort that may exceed the Computational Hardness Assumption

Attack Effort is generally higher for Advanced Persistent Threats and Targeted Attacks than Opportunistic Attack

The Open Group Risk Taxonomy (O-RT)#

Attack Effort is defined in Risk Taxonomy (O-RT) as Threat Capability (TCap) as the probable level of force that a threat agent is capable of applying against an asset.

More Information#

There might be more information for this subject on one of the following: