TTP: Small: Network-Level Security Posture Assessment and Predictive Analytics: From Theory to Practice

Project Details

Lead PI:
Co-PIs:
Performance Period: Aug 15, 2016 - Jul 31, 2019
Institution(s): University of Michigan Ann Arbor
Award Number:
This project addresses the following two key questions in cyber security: (1) how is the security condition of a network assessed, and (2) to what extent can data breaches or other cyber security incidents be predicted for an organization? The ability to answer both questions has far-reaching social and economic impact. Recent data breaches such as those at Target, JP Morgan, Home Depot, the Office of Personnel Management (OPM), and Anthem Healthcare, to name just a few, highlight the increasing social and economic impact of such cyber security incidents. Often, by the time a breach is detected, it is too late and the damage has already occurred. Consequently, being able to predict such incidents accurately can greatly enhance an organization's ability to put preventative and proactive measures in place. The answers to these questions also have implications for public policy design - not only for the security policies themselves, but also for related incentive mechanisms. Such mechanisms might be aimed at encouraging adoption of better security policies and cyber security frameworks, including cyber insurance, liability limitation, and rate recovery, among others. Presidential Policy Directive (PPD) 21, on Critical Infrastructure Security and Resilience, encourages efforts to strengthen and maintain secure, functioning, and resilient critical infrastructure. Understanding the potential attack vector presented by an enterprise or organization is a crucial part of achieving this goal.

This project follows a comprehensive agenda aimed at transitioning to practice the technologies developed by the research team for quantitative assessment of security posture at both the network and the organizational level. Such assessments enable more accurate forecasting of cyber security incidents. The technological innovation is a sound quantitative framework that combines a large collection of cyber security data, novel data processing methods, advanced machine learning techniques, and extensive cyber security domain expertise. The resulting framework produces accurate predictions of security incidents for a given organization, thereby providing tangible information and crucial input for decision makers such as an insurance underwriter or an enterprise customer seeking to validate vendor specifications.