Integrated model for the management of the complexity risk and resilience of secure information infrastructure
Lead Participant:
INFORMATION GOVERNANCE LIMITED
Abstract
The iGRC Consortium launched its integrated dynamic risk management operational capability on 15th December 2011. Focused on the protection of critical national infrastructure from cyber attack, the iGRCTM capability combines Infogov’s leading Proteus® Enterprise information security management system with network security related sensor technologies via the Consortium’s open governance, risk and compliance inter-operability protocol, iGRCTM. The demonstration was about handling customer credit card payments in accordance with PCI DSS 2.0. Four scenarios were used: (1) disclosure of card payment details via email, (2) unauthorised system access, (3) unauthorised changes to executable files and (4) system access by ex-employees. The Proteus iGRCTM capability provides accurate understanding of the risk profile, whilst providing: dynamic risk management; insurance for high impact low probability risk events; derivation of security intelligence from the ICT estate; linkage of risk operations to management; exploitation of existing sensor information and verification of risk assessments.
Lead Participant | Project Cost | Grant Offer |
---|---|---|
INFORMATION GOVERNANCE LIMITED | £877,132 | £ 323,869 |
  | ||
Participant |
||
CRANFIELD UNIVERSITY | £99,004 | £ 99,004 |
ENT SERV UK LIMITED | £80,899 | £ 29,873 |
LOUGHBOROUGH UNIVERSITY | £108,087 | £ 108,087 |
BIRKBECK COLLEGE | £107,394 | £ 107,394 |
ASSURIA LIMITED | £161,653 | £ 59,688 |
NEXOR LIMITED | £225,792 | £ 112,896 |
People |
ORCID iD |