TREsPASS Book 1: Picturing Risk

Information security threats to organisations have changed immensely over the last decade, due to the complexity and dynamic nature of infrastructure and attacks. Successful attacks cost society billions a year, impacting vital services and the economy. Examples include StuxNet, in which infected USB sticks were used to sabotage nuclear plants, and the DigiNotar attack, in which fake digital certi cates were used to spy on website traf c. New attacks cleverly exploit multiple organisational vulnerabilities, involving physical security and human behaviour. Defenders need to make rapid decisions regarding which attacks to block, as both infrastructure and attacker knowledge change rapidly. Current risk management methods provide descriptive tools for assessing threats by systematic brainstorming. Attack opportunities will be identified and prevented only if people can envisage them. In today’s dynamic attack landscape, this process is too slow and exceeds the limits of human imaginative capability. Emerging security risks demand tool support to predict, prioritise, and prevent complex attacks systematically. The TREsPASS project has developed methods and tools to analyse and visualise information security risks in dynamic organisations, as well as possible countermeasures. An Attack Navigator has been built to help security practitioners model which attack opportunities are possible and most pressing, and which countermeasures are most effective. To this end, the project combines knowledge from technical sciences (to identify the vulnerabilities of technological networks), social sciences (to identify the vulnerabilities of social networks), and state-of-the-art industry processes and tools, such as The Open Group’s ArchiMate modelling language. The TREsPASS project included a work stream to explore the visualisation of cyber security risk. The goal of this work stream was to extend the state of the art in cyber security risk tools by developing visualisations that combine information visualisations with techniques from critical cartography and digital humanities to articulate different socio-technical dimensions of risk and provide tools through which to explore these dimensions. This work stream produced three types of visualistion: • Artistic visualisations, which articulate the cultural dimensions to security risks; • Journalistic visualisations, which articulate the relationships between risks and the data ows within an organisation and the workings of the risk model; and • Scientific visualisations, which contribute to the quantification of the qualitative risk data, articulate the attack and defence interaction (for which attack-defence trees are our start point) and enable the user to calculate risk from different perspectives and perform root cause analysis on risks to complex information flows. This book presents an overview of the outputs of this work stream.