Attack tree analysis can be used to systematically explore the technical feasibility of concrete attacks on protection goals.1 e protection goal is inverted for attack tree analysis. As you see in Figure 18.3, the goal of the attack is to track a person. e inverse of this attack is the protection goal, which is to not be tracked. e inverted protection goal is the root of the attack tree. e IT project team thinks about how the attack on its protection goal would be realized. e inverted protection goal is hierarchically disassembled into subgoals attackers must reach. Subgoals need to be technically achievable in combination or alternatively (conjunction or disjunction). e subgoals are analyzed systematically to identify critical aspects of the technology.