CYBECO aims to advance beyond the state-of-the-art in several fields including cyber security, cyber insurance and Adversarial Risk Analysis (ARA).
The proposed model for cyber security overcomes many of the issues with current standards and methods in cyber security risk management, mostly based on risk matrices. Most saliently, CYBECO aims at providing ground-breaking advances in modelling the presence of adversaries in a cyber security context form the ARA perspective, later integrated into a cyber risk management strategy; a rigorous framework for cyber insurance, with appropriate pricing and segmentation, benefitting from Structured Expert Judgment (SEJ) methodologies to cope with lack of attack data and Multi-Attribute Utility Theory (MAUT) methods to properly value assets; from the technological point of view, CYBECO aims at providing a prototype tool implementing the framework to support risk management decision making in cyber security as well as providing policy insights into behavioural nudging in cyber security. CYBECO’s proposition has clearly a foundational nature, since it provides a new twist to cyber security, validated through experiments. It, therefore, covers the three transformational directions:
- As science is concerned, it aims to provide new methods for incorporating the nature of adversarial actions in risk calculations for cyber security and cyber insurance, new methods for countering lack of attack data through SEJ, better founded risk management approaches in cyber security, beyond risk matrices, and an integrated framework for deciding cyber security investments.
- As technology is concerned, a prototype tool which implements key aspects of the model and incorporates behavioural cyber security findings, and better founded and designed cyber insurance products.
- Finally, as society is concerned, a more rigorous framework for deciding cyber security investments and the identification of cyber security nudges, facilitating the development and adoption of more secure ICT practices, therefore benefiting society at large.