System Security Modeller

"With online banking and shopping being ever more critical to our daily lives and health data increasingly going online, protecting the security of our IT systems has never been more important.

We have a cyber-security system modelling prototype which has reached a maturity level where it is already of interest to adopters in multiple sectors. The System Security Modeller (SSM) will improve the security of IT systems, reducing personal data breaches and system downtime. The tool analyses a complete IT system: networks, computers, processes, data, operators, users and physical and legal spaces. Using a novel threat and control identification technique we can identify threats from hackers, employees, software failure or misconfiguration and highlight non-compliance with data protection regulations. Our tool lets a user assess which threats have the highest risk (likelihood and impact) and propose appropriate security measures (data encryption, firewalls, etc.) which should be implemented.

The SSM will automatically identify threats in an IT system, assess the risk level and choose the appropriate security controls (ISO 27005 process) significantly more robustly, reliably and efficiently than current practice. Security costs will be reduced and cyber-security increased supporting the UK's dependence on increasingly networked IT systems in business and society."