. 2022 Nov 2;82(11):16951–16971. doi: 10.1007/s11042-022-14036-y

Table 5.

Comparison of methodology and model [35]

Models/Methodology	Threat Agent Identification	Vulnerability Identification	Assets	Stakeholder Identification	ISO Standards & Control (17,799 &15,408	Probabilistic approach	Hierarchical approach
CRAMM [11]	✕		✓	✕	✓ & ✕	✓	✓
ARiES [9]	✕	✕	✓	✕	✕	✓	✕
Pfleeger [29]	✕	✓	✓	✕	✕	✓	✕
Caroll [45]	✕	✓	✓	✕	✕	✓	✕
Summers [38]	✓	✓	✓	✕	✕	✓	✕
COBRA [1]	✕	✓	✓	✕	✓ & ✕	Not Applicable.	Not Applicable.
FRAP [43]	✕	✓	✓	✓	✕	✕	✕
OCTAVE [2]	✓	✓	✓	✓	✓ & ✕	✓	✓
TAME [44]	✓	✓	✓	✓	✕	✕	✓
Jones [25]	✓	✕	✕	✕	✕	✕	✓
Amenza [22]	✓	✕	✕	✓	✕	✓	✓
VIM [41]	✓	✕	✓	✕	✕	✕	✓
SATAM [34]	✓	✓	✓	✓	✕	✓	✓