Dynamic Risk Management for Cyber Defence PANOPTESEC is producing a cyber defence decision support system that will account for the dynamic nature of information and communications technologies, and the always evolving capabilities of cyber threats. Innovating the Cyber Defence Technology AUTOMATION OF ATTACK AWARENESS AND RISK ASSESSMENT 1 ATTACK MODELLING Includes dynamic aspects of systems, services, threats, system vulnerability, and mission priority AUTOMATED RISK QUANTIFICATION based on attack graph models and mission dependency SEPARATION OF RISK EVALUATION into proactive and reactive treatment chains November 2013 October 2014 April 2014 MS8: Acceptance and Final Presentation July 2015 October 2016 September 2016 MS1: Project Kick-Off MS2: Preliminary Design Review MS3: Critical Design Review MS4: Component Prototype Delivery I MS5: Component Prototype Delivery II October 2015 MS7: Qualification Review MS6: Integration Prototype Delivery June 2016 Milestones of the PANOPTESEC Consortium ADVANCED MECHANISMS to capture and model mission and business process relationships to service and system dependencies 2 SUPERIOR VISUALIZATION TECHNIQUES for mission and business process risk display. Includes the representation of risk levels derived from risks in supporting services and systems 3 RESPONSE ASSISTANCE AUTOMATION to provide cyber defence operators with prioritised courses of action, recommendation for review and activation 4 PANOPTESEC Consortium
2
Embed
Dynamic Risk Management for Cyber Defence - PANOPTESECpanoptesec.eu/dissemination/Panoptesec Dynamic RIsk Management.pdf · Dynamic Risk Management for Cyber Defence PANOPTESEC is
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Dynamic Risk Management for Cyber DefencePANOPTESEC is producing a cyber defence decision support system that will account for the dynamic nature of information and communications technologies, and the always evolving capabilities of cyber threats.
Innovating the Cyber Defence Technology
AUTOMATION OF ATTACK AWARENESS AND RISK ASSESSMENT
1
ATTACK MODELLINGIncludes dynamic aspects of systems, services, threats, system vulnerability, and mission priority
AUTOMATED RISK QUANTIFICATIONbased on attack graph models and mission dependency
SEPARATION OF RISK EVALUATIONinto proactive and reactive treatment chains
November 2013October 2014
April 2014
MS8: Acceptance and Final Presentation
July 2015October 2016
September 2016
MS1: Project Kick-Off
MS2: Preliminary Design Review
MS3: Critical Design Review
MS4: Component Prototype Delivery I
MS5: Component Prototype Delivery II
October 2015
MS7: QualificationReview
MS6: Integration Prototype Delivery
June 2016
Milestones of the PANOPTESEC Consortium
ADVANCED MECHANISMSto capture and model mission and business process relationships to service and system dependencies
2
SUPERIOR VISUALIZATION TECHNIQUESfor mission and business process risk display. Includes the representation of risk levels derived from risks in supporting services and systems
3
RESPONSE ASSISTANCE AUTOMATIONto provide cyber defence operators with prioritised courses of action, recommendation for review and activation
4
PANOPTESEC Consortium
www.panoptesec.eu
For further information about the PANOPTESEC initiative, you are kindly invited to contact Douglas Wiemer, Member of the PANOPTESEC Steering Committee, at [email protected]
The PANOTESEC initative has led to the creation of two product lines: Business Risk Management and Security Incident Management. These cover a full range of security services at both business and operational levels. The decision support system operates according to integrated proactive and reactive treatment chains, protecting organizations from cyber security breaches.
The Elements Behind the Security Portfolio
Accurate identification and capturing of the mission or business process dependencies on supporting networks and systems in a repeatable manner.
Automated calculation of the priority systems to defend based on mission or business process priorities. Complete mapping of the supporting networks and systems.
Automated collection and correlation of system configuration, status, and events from multiple sources.
Automated collection and correlation of cyber security system data (e.g., vulnerability scanner data, intrusion detection system data) from multiple sources.
Automated assessment of mission and business process risks in response to the dynamic nature of the networks, systems, and threats.
Automated derivation of prioritized risk response activities (courses of action) including prioritization of proactive and reactive mitigation actions.
Follow PANOPTESEC
This project has received funding from the European Union’s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 610416.
Automated deployment of policy based risk mitigation actions, following operator intervention.
A Cyber Security System for Business and Operations