The TREsPASS project

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic

Abstract

Information security threats to organisations have changed during the last decade, due to the complexity and dynamic nature of infrastructures and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. Examples include StuxNet, using infected USB sticks to sabotage nuclear plants, and the DigiNotar attack, using fake digital certificates to spy on website traffic. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Current risk management methods provide descriptive tools for assessing threats by systematic brainstorming. Attack opportunities are identified and prevented only if people can envisage them. This process is slow and exceeds the limits of human imaginative capability. Emerging security risks demand tool support to predict, prioritise, and prevent complex attacks systematically. The TREsPASS project will develop methods and tools to analyse and visualise information security risks in dynamic organisations, as well as possible countermeasures. An “attack navigator” will be built to identify which attack opportunities are possible and most pressing, and which countermeasures are most effective. To this end, the project combines knowledge from technical sciences (how vulnerable protocols and software are), social sciences (how likely people are to succumb to social engineering), and state-of-the-art industry processes and tools. By integrating European expertise on socio-technical security into a widely applicable and standardised framework, security incidents will be reduced, and organisations and their customers will make informed decisions about security investments. This increased resilience of businesses both large and small is vital to safeguarding the social and economic prospects.
Original language: Undefined
Title of host publication: ICTOpen2013
Place of Publication: Netherlands
Publisher: ICTOPEN
Pages: 1-1
Number of pages: 1
ISBN (Print): not assigned
Publication status: Published - Oct 2013
Event: ICT.OPEN 2013 - Eindhoven, Netherlands
Duration: 27 Nov 2013 to 28 Nov 2013

Publication series

Name
Publisher: ICTopen

Conference

Conference: ICT.OPEN 2013
Country: Netherlands
City: Eindhoven
Period: 27/11/13 to 28/11/13

Keywords

  • EWI-24650
  • EC Grant Agreement nr.: FP7/2007-2013
  • IR-90491
  • METIS-304056
  • EC Grant Agreement nr.: FP7/318003

Cite this

Montoya, L. (2013). The TREsPASS project. In ICTOpen2013 (pp. 1-1). Netherlands: ICTOPEN.
@inproceedings{936683d32fef40dbaee0c2af79bcf1df,
title = "The TREsPASS project",
keywords = "EWI-24650, EC Grant Agreement nr.: FP7/2007-2013, IR-90491, METIS-304056, EC Grant Agreement nr.: FP7/318003",
author = "L. Montoya",
note = "Foreground = 100{\%}; Type of activity = Workshop ; Main leader = UT; Type of audience = scientific community; Size of audience = 15; Countries addressed = national;",
year = "2013",
month = "10",
language = "Undefined",
isbn = "not assigned",
publisher = "ICTOPEN",
pages = "1--1",
booktitle = "ICTOpen2013",

}
