SYCAMORE: Vulnerability Analysis and Risk Assessment of Cyber Security Policies

"Sycamore automates the process of analysing the logical vulnerability of business operations and assessing the risks associated with the security policies of organisations working in digital businesses. The tool can operate in monitoring mode, implementing full scenarios and in predictive mode, analysing the potential risks associated with particular security policies. It is based on semantic technologies and works with standard logical models of business operations and security policies which can be developed using standard semantic modeling tools such as Protégé and OntoEdit. The tool loads business models and security policies in OWL and SWRL format. The output of the analysis is presented in a graphical format as a flowchart, augmented with information about the vulnerability and risks. Sycamore serves the needs of large corporates, business and service providers and midrange companies which use third-party services.

Sycamore has been tested in several application domains related to cyber security and safety management -- cross-channel fraud in digital banking, evacuation policy in public safety and business workflow management. It has been made commercially viable product with the support of DCMS on the basis of previous research and experimental development by an academic team of the Cyber Security Research Centre of London Metropolitan University."