Periodic Reporting for period 1 - SECONDO (a Security ECONomics service platform for smart security investments and cyber insurance pricing in the beyonD 2020 netwOrking era)
Reporting period: 2019-01-01 to 2020-12-31
However, to achieve highly accurate calculations of optimal security investments, and hence of insurance premiums, the following limitations must first be addressed:
Asset interdependencies: the interdependencies of security vulnerabilities and the multidisciplinary nature of cyber threats are a problem with not only technological dimensions.
Growing and evolving types of impact: the rapidly changing cyber landscape, which implies that historical data may not reflect the most recent risk levels.
Quantifying cyber risks: the lack of verified and standardised risk management methodologies that employ commonly agreed metrics and risk aggregators.
Growing attack surface: technological inventions and modern paradigms that bring a new range of threats to both tangible and intangible assets.
Security economics: the absence of effective applied econometric models that: a) guide and estimate the optimal investment in cyber security solutions; and b) compute optimal thresholds of residual risks that must be outsourced to a cyber insurer.
Knowing the actual losses: the currently limited availability of established methods that can quantify the economic value of an insured organisation's information loss, and the general unwillingness on the part of companies to share such information.
More inclusive cyber insurance: the role of an insurer as someone that merely protects no longer holds, given that clients demand preventative solutions to stop cyber incidents before damage is inflicted and also ask for support during a crisis to avoid the paralysis of their businesses.
Considering the above limitations together with the emergence of GDPR and the rapid growth of cyber threats, there is an irrefutable need to develop new and automated tools that better explain and appropriately address existing and rising challenges, not only through technical approaches but also through the lens of economic analysis.
Regarding the technical activities, the secondees finalized the reference platform architecture on time (D2.1). They defined the requirements of each module that makes up the overall SECONDO platform, and they declared the technologies that will be used to develop each module. Besides the design work, they chose some real-life use cases that will assess the individual innovative SECONDO modules and the efficiency of the platform as a whole. The platform's effectiveness will be evaluated on these use cases, and then, based on the results, the necessary refinements will be made in designing the final version of the platform.
The secondees also delivered the Quantitative Risk Analysis Metamodel (QRAM), designing an innovative risk-assessment methodology. The QRAM contains unique and innovative techniques developed by the SECONDO secondees: the evaluation model, the risk assessment method, and the harmonization method. In addition, an innovative open-source tool (GoPhish) is used to assess users' behavior.
Moreover, the secondees designed the Econometrics Module (ECM). They developed a tool that will calculate the cost of attacks and will propose security tools, together with their costs, for mitigating the risk. Furthermore, the Big Data Collection and Processing Module (BDCPM) was designed, and the active secondees carried out initial development actions.
Regarding the dissemination activities, the consortium of the SECONDO project is very active. First and foremost, the SECONDO project has its official website and official accounts on well-known social networks (Twitter, Facebook, LinkedIn, YouTube). The SECONDO consortium organized the 1st DESECSYS workshop (online) together with other EU projects. Furthermore, the secondees published several scientific publications in scientific journals and at well-known conferences; these are available for free. The consortium designed brochures, leaflets, and a banner, which are used at every opportunity for dissemination activities. A newsletter is issued every fourth month and shared via the social media accounts and the website. The dissemination material is available for free on the official SECONDO website. Last but not least, the consortium participated in numerous events presenting the vision, aims, scope, and technical progress of the SECONDO project. Finally, the SECONDO platform will comply with well-known standards, since the researchers follow popular and upcoming standardization groups.