Periodic Reporting for period 2 - CyberWiz (Cyber-Security Visualization and CAD-Tool for the Vulnerability Assessment of Critical Infrastructures)
Berichtszeitraum: 2016-09-01 bis 2017-08-31
Managing cyber security is however very challenging. ICT architectures are typically composed of a large number of systems, processes and individuals connected to form a complex system-of-systems. Enterprise cybersecurity decision maker cannot be expected to have the deep understanding of all types of ICT security vulnerabilities and their dependencies that is needed in order to make insightful proactive decisions. As a result, they struggle to get an objective and fact-based overview of where they are more or less vulnerable and what investments to prioritize. This is where enhanced tool support - as securiCAD - can provide significant value to enterprises.
The purpose of this project is to help enterprise decision makers analyse their cybersecurity posture in a meaningful and understandable way. The project among other improves and adapts the tool securiCAD to the need of critical infrastructure operators, and test in realistic condition with two critical infrastructure operators in Germany. The project objectives have been structured in 3 key areas, supported by specific exploitable results:
- Adapt and improve the solution based on customer feedback
- Validate the practical value of the solution
- Develop best practices guidelines and methodologies and encourage widespread adoption of the solution
Project work has included the following:
Improving the solution, including both securiCAD® Professional and Enterprise Edition.
Demonstrating the practical value of securiCAD®. Two pilot projects in the energy sector were conducted. These were well received by the customers. Further, a Turing test of the securiCAD® software has been carried out to benchmark it with domain experts. It was found that securiCAD® performed at least as good as domain experts.
To support consultants in securiCAD® projects, a set of documents called “Guidance and best practice” were developed. Further, a partner certification scheme was developed. Being certified implies that the consultant knows how to properly leverage the securiCAD® solution and provide the outmost quality to the end customer.
A large number or communication activities were performed to ensure good dissemination about the project and the solution. This includes issuing press releases, writing and submitting articles in reputable magazines, attending conferences, driving social media communication, and more.
For commercialization activities, the project has developed and executed on a commercialization plan. Execution activities includes development of sales material and proof of concept, conducting customer sales meetings, defining processes for support, training, and delivery, attracting funding, and more.