Cybersecurity Risk Planner | Engineering Clinic

Overview

Project Code: 17054
Project Title: Cybersecurity Risk Planner
Project Type: Industry
Project Intellectual Property: Company Controlled
Project Citizenship Restriction: Yes

Project Details

Sponsor Company: General Dynamics
Description: Project goal: To develop a cybersecurity risk-modeling tool that combines national standards to frame an original mathematical algorithm. Cybersecurity risk can be difficult to anticipate and plan for, which is driving demand for more quantitative, repeatable and comprehensive methods of cybersecurity risk estimation. The team developed a cybersecurity risk-modeling tool that combines the principles of the National Institute of Standards and Technology Risk Management Framework and the Open Group Standard Risk Taxonomy to frame an original mathematical algorithm. The tool uses empirical data and a Monte Carlo simulation that runs more than 10,000 iterations to quantify the cybersecurity risk based on user-defined threat sources. It also defines predisposing conditions and countermeasures for a given system, a time frame for evaluation, and a potential monetary impact of exposure. The tool combines Python scripting and an SQL database to store data, run the simulation, and interface with the user. The report it produces gives data on realistic impacts and likelihoods of risk and vulnerabilities, as well as risk-mitigation recommendations, in a format suitable for non-technical users.