UNDERSTANDING AND MANAGING COMPLEXITY
- Complexity in cyber security is mainly driven by multiple different IT systems (e.g. legacy, specialized systems) and other layers (e.g. process, people) that have accumulated over time, been layered on top of one another, and been connected to each other, creating many dependencies between different systems and layers.
- These dependencies make it difficult to manage security issues and thus expose the organization to security and business continuity risks.
- Therefore, understanding existing complexity is a prerequisite for reducing or better managing risks in order to build cyber security resilience.
MODELING IT DEPENDENCIES FOR IT RESILIENCE
Our innovation: creating a new structured, unified abstract layer, which we call “dependencies”. This layer consists of components (technical, process, users) and their relationships with each other (dependencies).
This new level of abstraction makes it possible to describe, analyze, prioritize, and make decisions about IT systems, cyber security and resilience without having to go into technical details (i.e. specific implementation).
We are developing rigorous and formally grounded techniques for specifying complex systems and automatically analyzing their behavior with respect to a resilience goal and a threat/disruption model. This leverages our 10+ years of experience in academic research in formal methods and programming languages.