Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security

akronüüm: TREsPASS
algus: 2012-11-01
lõpp: 2016-10-31
 
programm: FP7 - Euroopa Liidu 7. raamprogramm
alaprogramm: ICT - Info- ja kommunikatsioonitehnoloogiad
instrument: CP-IP - Suuremahulised integreeritud projektid
projektikonkurss: FP7-ICT-2011-8
projekti number: 318003
kestus kuudes: 48
partnerite arv: 17
 
lühikokkuvõte: Information security threats to organisations have changed completely over the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. Examples include StuxNet, using infected USB sticks to sabotage nuclear plants, and the DigiNotar attack, using fake certificates to spy on website traffic. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge are constantly evolving. Current risk management methods provide descriptive tools for assessing threats by systematic brainstorming. In today’s dynamic attack landscape, however, this process is too slow and exceeds the limits of human imaginative capability. Emerging security risks demand an extension of established methods with an analytical approach to predict, prioritize, and prevent complex attacks. The TREsPASS project develops quantitative and organisation-specific means to achieve this in complex socio-technical environments. The iterative, tool-supported framework: • Represents the structure of complex organisations as socio-technical security models, integrating social and technical viewpoints; • Predicts socio-technical attacks, prioritises them based on their risk, and assesses the aggregated effect of preventive measures; • Presents results to enable quick understanding and updating of the current security posture. By integrating European expertise on socio-technical security into a widely applicable and standardised framework, TREsPASS will reduce security incidents in Europe, and allow organisations and their customers to make informed decisions about security investments. This increased resilience of European businesses both large and small is vital to safeguarding the social and economic prospects of Europe.
partneri jrk nr ja roll partneri nimi riik kontaktisik koduleht
1 koordinaator UNIVERSITEIT TWENTE NL http://www.utwente.nl
2 partner DANMARKS TEKNISKE UNIVERSITET DK http://www.dtu.dk
3 partner Cybernetica AS EE http://www.cyber.ee
4 partner GMVIS SKYSOFT SA PT http://www.gmv.com.pt
5 partner GMV Soluciones Globales Internet S.A. ES http://www.gmv.es
6 partner ROYAL HOLLOWAY AND BEDFORD NEW COLLEGE UK http://www.rhul.ac.uk
7 partner ITRUST CONSULTING SARL LU http://www.itrust.lu
8 partner JOHANN WOLFGANG GOETHE UNIVERSITAET FRANKFURT AM MAIN DE http://www.uni-frankfurt.de
9 partner IBM RESEARCH GMBH CH http://www.zurich.ibm.com
10 partner TECHNISCHE UNIVERSITEIT DELFT NL http://www.tudelft.nl
11 partner TECHNISCHE UNIVERSITAET HAMBURG-HARBURG DE
12 partner UNIVERSITE DU LUXEMBOURG LU http://wwwen.uni.lu
13 partner AALBORG UNIVERSITET DK http://www.aau.dk
14 partner HYPERION SYSTEMS LIMITED UK http://www.chyp.com
15 partner BiZZdesign Enterprise Architecture Solutions B.V. NL http://www.bizzdesign.com
16 partner Deloitte Accountants B.V. NL http://www.deloitte.nl
17 partner LUST BV NL http://www.lust.nl