18 2. PRELIMINARIES
develop prioritized security incident response plans to minimize the effect of an exploit. ere-
fore, risk assessment acts as an estimation and validation tool for an organization by shedding
light into security return on investment, get feedback on implemented security measures. is
is also help to understand their cohesion with respect to best security practices, compliance and
standards as laid down by regulatory bodies like NIST or ENISA.
Security Risk Assessment Process
e security risk assessment process is used to determine the strengths and weaknesses of an
organization’s systems, identifying and minimizing threats below a threshold which is accept-
able as per the security requirements of the organization. An example of an organization’s se-
curity requirements could be ensuring a certain level of assurance in confidentiality, integrity,
and availability of their application and the data it processes. Risk assessment generally focuses
on evaluating the likelihood of an undesired event (for, e.g., a data breach, or an unauthorized
access) and the impact it will have on the exploitation of the system and the organization as a
whole. Once this is evaluated, risk mitigation measures are designed and developed to minimize
the likelihood and impact of the risks. In broader terms, risk assessment can be used to identify
risks in different areas of an organization and not just related to Cyber security. For example,
traditional risk assessment in the domain of information security and IT security can be used
to evaluate systems and applications that support the functional services of an organization, its
network and servers, physical security of the devices and premise, risks present (due) to em-
ployees of the organization. e process of risk assessment is normally (and must be) utilized
during the conception of an IT service. Other than this, addition of new functionalities to an
application/service; changes in the networking environment; change in technology (Software or
Hardware updates) should also prompt the utilization of the risk assessment process.
e scope of attacks sustained by a WSN has been surveyed and discussed in [52, 53, 56].
e authors have assessed well-known sets of WSN attacks along with their countermeasures.
ey were, however, oblivious about the attack’s impact on a network and efficiency of the coun-
termeasures. In his survey on security issues of a WSN, Walter [38] established the parameters
based on which security of a WSN is characterized. ese parameters were confidentiality, in-
tegrity and availability. We are able to design the attack patterns from this information for our
work and analyze the attacks on a broader perspective. Analysis of various attacks adopted by the
adversary to exploit security parameters and ways in which they could be averted were also dis-
cussed in [38], although it did not address the likelihood of exploitation of an attack. Wood [57]
and Xu [58] give exposition on the omnipresent denial of service (DoS) attack. DoS are not only
hard to predict but also to counter. is helped us in understanding the nature of jamming at-
tacks in WSNs. e absence of predictability and correlation with other attacks in case of DoS
attack is a drawback on the security administrator’s part. Karlof [59], Kannhavong [60], and
Newsome [37] give an in-depth analysis on routing layer attacks and the Sybil attack, respec-
tively. However, these attacks can be exploited by successful execution of attacks in different