Research Perspectives - Tools for Visualisation of Portfolios
EPSRC logo

EPSRC Database


Source RCUK EPSRC Data

EP/K006266/1 - Cyber Security Cartographies: CySeCa

Research Perspectives grant details from EPSRC portfolio

http://www.researchperspectives.org/gow.grants/grant_EPK0062661.png

Dr L Coles-Kemp EP/K006266/1 - Cyber Security Cartographies: CySeCa

Principal Investigator - Information Security, Royal Holloway, Univ of London

Other Investigators

Dr L Cavallaro, Co InvestigatorDr L Cavallaro

Dr G Hancke, Co InvestigatorDr G Hancke

Dr G Price, Co InvestigatorDr G Price

Dr A Tomlinson, Co InvestigatorDr A Tomlinson

Scheme

Standard Research

Research Areas

Graphics and Visualisation Graphics and Visualisation

Human-Computer Interaction Human-Computer Interaction

ICT Networks & Distributed Systems ICT Networks & Distributed Systems

Start Date

11/2012

End Date

05/2016

Value

£753,394

Similar Grants

Automatic generation of similar EPSRC grants

Similar Topics

Topic similar to the description of this grant

Grant Description

Summary and Description of the grant

"The growth of the internet has been the biggest social and technological change of my lifetime [...] It will have a huge role to play in supporting sustainable development in poorer countries. At the same time our increasing dependence on cyber space has brought new risks, risks that key data and systems on which we now rely can be compromised or damaged, in ways that are hard to detect or defend against." Francis Maude - UK Cyber Security Strategy.

In the cyber environment the balance between benefit and harm so clearly articulated by Francis Maude can also be found at the organisational, as well as national and global, level. Cyber space enables many opportunities and provides an environment in which businesses can diversify and tailor their services. At the same time, this range of opportunities also creates critical vulnerabilities to attack or exploit. In order to protect their estate security managers combine organisational , physical and technical controls to provide robust information asset protection. Control lists such as the one found in Annex A of ISO 27001 have long acknowledged the need for the three types of controls but no security management methods are available to systematically combine them. In the complex cyber environment a security manager has limited visibility of technical, physical and organisational compliance behaviours and controls and this makes it difficult to know when and how to select and combine controls. Research has, to date, not been undertaken to understand how a security manager selects the appropriate control combination. In addition, risk management techniques do not include visualisation methods that can present a combined picture of organisational and technical asset compliance behaviours. This problem is exacerbated by the lack of systematic research of the cultural and organisational techniques used by security managers resulting in limited guidance on cultural and organisational security management approaches.

In order to respond to this problem, we plan to:
- Explore how a security manager develops, maintains and uses visibility of both organisational and asset compliance behaviours for the management of cyber security risks.
- Better understand how organisational controls and technical controls are used in combination.
- Evaluate the use of different visualisations in the risk management process as a means to extend a security manager's ability to deploy combinations of organisational and technical controls in the cyber context.

The research will combine a novel application of social network analysis, apply and develop anomaly detection techniques at the technical asset cluster level and integrate interpretive cartography with informational cartography.

In exploring this practical security management problem, we aim to develop a socio-technical research design in which organisational and network security research techniques can both be deployed in their own research paradigm and use visualisation techniques to systematically synthesise the outputs into a robust socio-technical response.

The planned outputs and deliverables from the CySeCa research are:
- Methods for combining and evaluating combinations of technical and organisational security controls
- Methods and design principles for visualising and analysing combined organisational and technical compliance behaviours
- Use cases and case study reports



Structured Data / Microdata


Grant Event Details:
Name: Cyber Security Cartographies: CySeCa - EP/K006266/1
Start Date: 2012-11-12T00:00:00+00:00
End Date: 2016-05-11T00:00:00+00:00

Organization: Royal Holloway, Univ of London

Description: "The growth of the internet has been the biggest social and technological change of my lifetime [...] It will have a huge role to play in supporting sustainable development in poorer countries. At the same time our increasing dependence on cyber space has ...