UNDERSTANDING AND MANAGING COMPLEXITY

Complexity is a central challenge for IT resilience faced by large organizations of all sectors. Corporate IT systems have many nested and connected layers. This inter-dependencies generates (cyber) risks.

  • Complexity in cyber security is mainly driven by multiple different IT systems (e.g. legacy, specialized systems) and other layers (e.g. process, people) accumulated over time, superposed, and connected to each other - creating many dependencies between different systems and layers.
  • These dependencies make it difficult to manage security issues and thus expose the organization to security and business continuity risks.
  • Therefore, understanding existing complexity is a prerequisite to reduce or better manage risks, in order to build cyber security resilience.

MODELING IT DEPENDENCIES FOR IT RESILIENCE

Our innovation: create a new structured, unified abstract layer, which we call “dependencies”. This layer consists of components (technical, process, users) and their relationships with each other (dependencies)

This new level of abstraction allows to describe, analyze, prioritize, and make decisions about IT systems, cyber security and resilience, without having to go into technical details (i.e. specific implementation).

We are developing rigorous and formally-grounded techniques for specifying complex systems and automatically analyzing their behavior with respect to a resilience goal and threat/disruption model. This leverages our 10+ year experience in academic research in formal methods/programming languages.

BUILDING BIG IT RESILIENCE Model

We work with client teams to design, build, and analyzse the IT dependency model right for every organization, leveraging our technology and tools. We license our tools so customers can manage their IT complexity independently after an intial project (if requested).