a security economics service platform for smart security
play

a Security ECONomics service platform for smart security investments - PowerPoint PPT Presentation

Feb 24, 2023 •126 likes •273 views

a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 era SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions The 17th International Conference on Trust,

  1. a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 era SECONDO: A Platform for Cybersecurity Investments and Cyber Insurance Decisions The 17th International Conference on Trust, Privacy and Security in Digital Business TrustBus2020 Virtual Event, 14-17 September 2020 Co-funded by the Horizon H2020 Framework Programme of the European Union under grant agreement no 823997.

  2. Motivation • Social media logins is available for $2.73 • Since COVID-19, the US FBI reported an increase of each in the Dark Web. 300% in reported cybercrimes. • Cybercrime damage may cost the world $6 trillion • For sale in the Dark Web annually by 2021. 20 billion passwords & emails . • 67% increase in security breaches in the last five years. • Cost of ransomware to businesses will top $20 billion in 2021. • A ransomware attack every 14 seconds . https://blog.s4rb.com H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 2

  3. Cyber Attacks • NotPetya, Worldwide, 2017 • Marriott Cyberattack, 2018 • Ransomware • Since 2014 • $300 to regain access on each computer • 500M guest records exposed • Mondelez: $100M • Reimbursements: $71M • Maersk: $300M • $120M fined under GDPR • Merck: $300M • Insurers had denied claims • Shen-attack scenario • Ransomware hypothesis • Cost of Cyber Attack on Asia-Pacific Ports https://industryanalysts.com Could Reach $110B. l Simon Weckert Causes Google Maps • 92% of all losses resulting from a cyber attack “Traffic Jams” By Carrying 99 Cell Phones, would not be insured February 2020 H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 3

  4. Challenges in Risk Mitigation • Allocate adequate budget • Security Team’s understanding • Motivation • Data sources • Infrastructure • Validation • Awareness • Quality • Methods • Speed • New Threats emerging • Correlation • Human error • Integrate security tools with the organization • Credibility www.mindthegap.ngo H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 4

  5. The SECONDO platform SECONDO proposes an Economics-of-Security-as-a-Service (ESaaS) platform that encompasses a comprehensive cost-driven methodology for: • estimating cyber risks based on a quantitative approach (on both technical and non-technical aspects) • recommending optimal investments in cyber security for efficient risk management • determining the residual risks and estimating the cyber insurance premiums www.massey.ac.nz H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 5

  6. The SECONDO platform Quantitative Risk Cyber Security Cyber Insurance Analysis Module Investment Module Coverage and Continuous Risk Premiums Module Monitoring Module Risk Analysis Ontology and Smart Econometrics Harmonisation Module Contracts Module Social Engineering Insurance Insurance Game Theoretic Assessment Module Ontology Estimation Module Asset Pricing Big Data Collection and Processing Module Optimal Security Enhanced Risk Cyber Insurance Investment Assessment Policies Estimation H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 6

  7. The SECONDO platform Blockchain Cyber Security Investment Module Quantitative Risk Analysis Module Cyber Insurance Coverage and Premiums Module Risk Assessment Metamodel Continuous Risk Monitoring Module Risk Assessment Existing Risk Smart Analysis Tools Risk Analysis Ontology and Contracts Costs Harmonisation Module Econometrics Module Social Engineering data Insurance Insurance External Sources Reports Ontology Social Engineering Assessment Module Estimation Game Theoretic Module Defending Strategies Pricing External Sources Analytics Asset Pricing Analytics Big Data Collection and Processing Module Risk related data (e.g. logs, external sources) Enhanced Risk Assessment Optimal Security Investment Cyber Insurance Policies Estimation H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 7

  8. SECONDO technologies Analyze Data Acquire Data • Python • Phishing • Pandas Library • SIEM • ELK stack 01 • Log files (Firewall, IDS) 02 • QORAS Method • Social Media • Nash Equilibria • ELK stack • Python • Apache Intelligence • Econometric Methods 04 • Optimal Decisions Continuous Risk Monitoring 03 • Premiums and Coverages • OLISTIC Enterprise Risk Management • Privacy-preserving smart contracts • Blockchain • Solidity • Ethereum private blockchain H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 8

  9. Use Cases • Use Case 1 – Human susceptibility to cybersecurity breaches in IoT- enabled smart home • “IoT devices typically attacked within 5 minutes.” NETSCOUT • Use Case 2 – Optimal Patching of Airport Cyber Infrastructures Assess 1. 66% of the airports have data exposed on the Dark Web 2. 97% of the airport websites have outdated web software 100 of the biggest international airports ImmuniWeb Refine • Use Case 3 – Cyber insurance for Innovative SME • “ 28% of data breaches in 2020 involve small businesses.” • Verizon Adapt • Use Case 4 – Cyber Risk Transfer in Maritime Industry • “400% increase in hack attempts since February 2020.” • Naval Dome H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 9

  10. SECONDO Application • Phase 1 : Cyber-physical Risk assessment • Identify assets, vulnerabilities and threats. Phase 1 • RAOHM : quantitatively compute the overall risk. • Phase 2 : Cyber-physical Risk management • Cyber-physical risk management utilizing the risk assessment results. • ECM & GTM : payoff functions and optimal controls selection strategies. Phase 2 • CISM : optimal ways to invest in cybersecurity controls. • Phase 3 : Insurance exposure estimation, coverage and premium calculation • CICPM : collect data and produce optimal insurance premium. Phase 3 • Optimal deal with policies of the agreement being stored as a smart contract on a blockchain. • CRMM : Continuously monitor for possible violation of the agreed policies. H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 10

  11. The SECONDO challenges 6. Adjust to organization topology 1. Optimal Risk Assessment 2. Smart Contracts 7. Accurate Data 3. Cyber Threat Mitigation 8. Continuous Risk Monitoring 4. Predict Attacking Scenarios 9. Detect-Prepare-Prevent-Protect 10. Reduce cyber security budget 5. Adapt to new changes and needs H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 11

  12. SECONDO 4 Universities and 4 SMEs University of Piraeus Research Center - Greece University of Surrey - United Kingdom Cyprus University of Technology - Cyprus University of Greenwich - United Kingdom Ubitech Limited - Cyprus LSTECH Espana SL - Spain KROMAR EPE, Greece Fogus Innovations & Services P.C., Greece H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 12

  13. Visit us for our latest news Find us on social media www.secondo-h2020.eu @H2020Secondo @ H2020Secondo SECONDO Project H2020 – Grant Agreement no. 823997 TrustBus, 14-17 September 2020 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

247 views • 22 slides
HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data Security February 2016 Data Security Impacts Design and Delivery of Big Data Projects Data Security frequently is a leading Role Security Impacts

545 views • 23 slides
Economics of network security Harald Vranken 1 Economics of network security Note that

Economics of network security Harald Vranken 1 Economics of network security Note that

Advanced Network Security (2019-2020) Economics of network security Harald Vranken 1 Economics of network security Note that network in this lecture means Physical communication network (eg. Internet, telephony, fax, telegraph)

769 views • 49 slides
Security as an App and Security as a Service: New

Security as an App and Security as a Service: New

Security as an App and Security as a Service: New Killer Applica6ons for So9ware Defined Networking? Guofei Gu SUCCESS Lab, Texas A&M

447 views • 42 slides
Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou

Smart Contract Security Assessing Solidity smart contracts About Me Evangelos Deirmentzoglou Security Consultant Smart contract audits Nmap/Ncrack contributor Certs: OSCE, OSCP, OSWP Blockchain Basics Front Running

642 views • 30 slides
Backwaters: Security Streaming Platform Comcast TPX Security Solutions Engineering (SSE) The Team

Backwaters: Security Streaming Platform Comcast TPX Security Solutions Engineering (SSE) The Team

Backwaters: Security Streaming Platform Comcast TPX Security Solutions Engineering (SSE) The Team Chris Maenner Ryan Van Antwerp Will Weber Principal Security Developer Principal Security Developer Senior Security Developer 2 Agenda

179 views • 17 slides
Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security

Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security

CS 155 Spring 2018 Mobile Device and Platform Security Part II John Mitchell Two lectures on mobile security Introduction: platforms and trends Threat categories Physical, platform malware, malicious apps Defense

1.17k views • 93 slides
CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC?

CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC?

CASHWIZARD THE SMART SOLUTION SECURITY I N N O V A T I O N RELIABILITY 1 Who is AMSEC? American Security Products [AMSEC] located in worlds Fontana, California is the best known provider of security safes. For over 70+ years, we

814 views • 21 slides
IoT SECURITY Enabling Trust and Digital Future LIM SOON CHIA DIR(TECHNOLOGY) CYBER SECURITY

IoT SECURITY Enabling Trust and Digital Future LIM SOON CHIA DIR(TECHNOLOGY) CYBER SECURITY

IoT SECURITY Enabling Trust and Digital Future LIM SOON CHIA DIR(TECHNOLOGY) CYBER SECURITY AGENCY 1 of 14 The Great Digital Convergence Smart Mobility Smart Payment Smart Health 3 of 17 Office Smart Mobility MRT Station Bus Stop

577 views • 14 slides
Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction:

Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction:

Spring 2018 CS 155 Mobile Device and Platform Security John Mitchell Two lectures on mobile security Introduction: platforms and trends Threat categories n Physical, platform malware, malicious apps Defense against physical theft Thurs

1.28k views • 64 slides
Economics of cybersecurity Measuring security levels Michel van

Economics of cybersecurity Measuring security levels Michel van

Economics of cybersecurity Measuring security levels Michel van Eeten Del. University of Technology Security produc=vity What is measurable? Security level

217 views • 10 slides
A personal perspective Ross Anderson Cambridge The birth of security economics Why

A personal perspective Ross Anderson Cambridge The birth of security economics Why

Security Economics A personal perspective Ross Anderson Cambridge The birth of security economics Why Information Security is Hard An Economic Perspective, ACSAC, Dec 2001 Now: a field with over 100 active researchers and one

245 views • 20 slides
Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security

Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security

Announcements This Thursday: Last lecture! Special Lecture on Smart Transportation Security Recent advance in security issues of self-driving cars and smart traffic light --- one of the most disruptive tech today, impacting the safety

518 views • 29 slides
Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu

Partners in Information Security Think like a Hacker Not So Smart Phone security Introduction Peter Rietveld Liviu Rombaut Traxion Smartphones will never be secure Since security is not a simple notion What & Whom

331 views • 18 slides
Defense Security Service Defense Security Service Cybersecurity Operations Division

Defense Security Service Defense Security Service Cybersecurity Operations Division

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

490 views • 33 slides
Epistemic Planning for Implicit Coordination Thomas Bolander , DTU Compute, Technical University of

Epistemic Planning for Implicit Coordination Thomas Bolander , DTU Compute, Technical University of

Epistemic Planning for Implicit Coordination Thomas Bolander , DTU Compute, Technical University of Denmark Joint work with Thorsten Engesser, Robert Mattm uller and Bernhard Nebel from Uni Freiburg Thomas Bolander, Epistemic Planning, M4M, 9

275 views • 24 slides
Challenges in Automating Style Checking for Legislative Texts Stefan Hfler and Kyoko Sugisaki

Challenges in Automating Style Checking for Legislative Texts Stefan Hfler and Kyoko Sugisaki

Institut fr Computerlinguistik Challenges in Automating Style Checking for Legislative Texts Stefan Hfler and Kyoko Sugisaki Seite 1 Second Workshop on Computational Linguistics and Writing. Avignon, April 23, 2012. Motivation Current

497 views • 13 slides
From behind the keyboard to behind bars: Cybercrime arrests and prosecu6ons in the UK Dr Alice

From behind the keyboard to behind bars: Cybercrime arrests and prosecu6ons in the UK Dr Alice

From behind the keyboard to behind bars: Cybercrime arrests and prosecu6ons in the UK Dr Alice Hutchings Computer Laboratory, University of Cambridge Presenta>on for the Inaugural Cybercrime Conference, 14 July 2016 Cambridge Computer

535 views • 32 slides
Causal Premise Semantics Stefan Kaufmann Northwestern / University of Connecticut Perspectives

Causal Premise Semantics Stefan Kaufmann Northwestern / University of Connecticut Perspectives

Premise Semantics Implementation Causal Premise Semantics References Causal Premise Semantics Stefan Kaufmann Northwestern / University of Connecticut Perspectives on Modality Stanford, April 12, 2013 Premise Semantics Implementation

583 views • 42 slides
Intelligent logging server SIEM for the poor Jan Vykopal , Martin Ju ren, Daniel Kou

Intelligent logging server SIEM for the poor Jan Vykopal , Martin Ju ren, Daniel Kou

Introduction Use case: cyber attack detection Intelligent logging server SIEM for the poor Jan Vykopal , Martin Ju ren, Daniel Kou ril Tom Kubina, Michal Prochzka, Martin Draar Masaryk University, Brno, Czech Republic CYTER

678 views • 23 slides
S U N D A Y C Y B E R S E S S I O N better boards conference 2018 Robens Report Initiator

S U N D A Y C Y B E R S E S S I O N better boards conference 2018 Robens Report Initiator

S U N D A Y C Y B E R S E S S I O N better boards conference 2018 Robens Report Initiator of OHS societal change Lord Cullens Review 103 recommendations to improve OHS Lord Cullens 25 year review The top 10 recommendations W

391 views • 10 slides
Evelyn Chye A for Apple illustration Cyber Wellness Values B alance E mbracing the

Evelyn Chye A for Apple illustration Cyber Wellness Values B alance E mbracing the

Cyberwellness for Parents of Pre-Schoolers Presented by: Evelyn Chye A for Apple illustration Cyber Wellness Values B alance E mbracing the Net & Inspire others A stuteness R espect & Responsibility

198 views • 6 slides
Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY

Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY

Security Data Science Joshua Neil Security Analytics Leader Advanced Security Center EY Powered by Agenda A Background, LANL and the EY/LANL Alliance Traditional Security and Operational Security Data B Science Advanced Analytics:

558 views • 24 slides

More recommend