Semi-Automated Cyber Risk Management 

Over the last several decades, our society has become increasingly digitalised. Critical infrastructures depend on digital infrastructures, and these dependencies increases our digital risk: we can no longer go back to using pen and paper. 

We no longer believe that we can prevent all unwanted incidents. We have limited resources, and we have to prioritise how to use them. Risk management is the method used to make these priorities.

Rapid changes

The risk landscape changes rapidly, and it is increasingly difficult to keep track of every new potential risk. We have large amounts of data from existing security monitoring systems, but this data is rarely used to determine risk. Risk assessment is currently a manual process: humans make subjective assessments based on reports and situational awareness rather than data and threat intelligence. 

Our project goal is to increase the use of security data in risk assessments, and to develop tools that can automate or semi-automate the cyber risk management process.

As a result, we expect more accurate risk assessments and an improved situational awareness for decision makers. This will improve the decisions on how to prioritise the use of resources for cyber defence. Our intended effect is to improve the defensive ability and reduce costs for both industry and public sector.