Share these talks and lectures with your colleaguesInvite colleagues
A framework for quantifying cyber security risks
Recent years have seen an increasing amount of information becoming available which is of benefit to the security risk process. Traditionally, security risk management is an asset-based, qualitative process based on expert opinion and information at hand; periodically a group of experts assesses applicable risks and determines correct risk levels and whether new risks should be added to the list. This paper proposes a threat-based, traceable quantitative risk management approach that uses current information to quantify risks. This leads to a near real-time risk process, where available information is processed, and the risks are automatically updated. The approach was tested in practice at the main banks in the Netherlands.
The full article is available to institutions that have subscribed to the journal
Reinder Wolthuis is a Senior Project Manager and consultant with more than 20 years’ experience in innovation of information and cyber security. He has participated in and led many security projects, involving innovations in (cyber) security, conducting security benchmarks and assessments and security consulting. Reinder is a regular presenter at conferences and has also participated in several European funded projects on security. Reinder previously worked for KPN Research and Atos Origin and joined TNO in 2006. Currently he is involved in a number of cyber security projects for companies in the telecom and banking sector. He is the initiator and programme manager for two large cyber security shared research programmes with the Dutch financial sector (ABN AMRO, ING, Rabobank, de Volksbank, Achmea, TNO): Shared Research Program Cybersecurity 2014–2020 and Partnership for Cyber Security Innovation 2020–2023. Reinder coordinates the EU H2020 project SOCCRATES (SOC & CSIRT Response to Attacks & Threats based on attack defence graphs evaluation systems) on security automation, and since 2018 is involved in the North-Netherlands cyber security programme on automated security and is the Lead for the North-Netherlands cyber security research roadmap. He is interested in security risk management, security automation and user-security interaction.
Frank Phillipson is Senior Scientist with over 20 years’ experience in ICT network modelling and optimisation. He graduated in econometrics and operations research from VU University Amsterdam and in applied mathematics from Delft University of Technology. He obtained a PhD in applied mathematics at VU University Amsterdam. He has been involved in numerous projects for customers on fixed and mobile network optimisation and robustness. Frank is (co-)author of over 60 papers and has supervised many Master’s students working on their thesis at TNO.
Hidde-Jan Jongsma is a Cyber Security Researcher at TNO, where he works on and manages projects ranging from risk modelling to binary analysis. His main focus is on digital self-sovereign identity (SSI), where he helps develop, apply and standardise innovative, privacy friendly digital identity solutions, and on automated vulnerability research, using the newest developments in smart-fuzzing and AI to create more secure IT systems. Hidde-Jan joined TNO in 2017 after obtaining a PhD in applied mathematics from the University of Groningen. Since then, he has developed several award-winning (blockchain) solutions for supply side tracking and interconnectivity of SSI technologies in Europe’s leading hackathon (Odyssey, formerly Blockchaingers). Since 2018, Hidde-Jan has been the Cyber Security Project Lead for the Cyber and Electromagnetic Activities programme at TNO.
Peter Langenkamp is a Cyber Security Researcher with experience in the fields of risk analysis, secure multi-party computation and self-sovereign identity. Having obtained his PhD in physics at the University of Groningen, Peter joined the Cyber Security and Robustness department of TNO in 2018. There, he has been involved in projects relating to, among others, third-party security assurance, quantifying risks in vital sectors and detection of money laundering. Recently, he participated in the Self-Sovereign Identity challenge of the Odyssey Momentum 2020 hackathon as a member of the OdySSI team with their winning SSI service provider solution.