Con esta herramienta te facilitamos un acceso a todas las ofertas y demandas de tecnología europeas y a búsquedas de socios para participar en propuestas europeas de I+D publicadas en la red Enterprise Europe Network, pudiendo filtrar los resultados para facilitar las búsquedas más acordes con tus necesidades.

¿Quieres recibir estos listados de oportunidades de colaboración en tu correo de forma periódica y personalizada? Date de alta en nuestro Boletín

Los términos de búsqueda han de ser en inglés.

An innovative tool for monitoring security and cyber-security risks

Resumen

Tipo:
Oferta Tecnológica
Referencia:
TOIT20210412001
Publicado:
22/04/2021
Caducidad:
23/04/2022
Resumen:
An Italian SME has developed an innovative tool for monitoring security and cyber-security risks in complex organizations. The Innovative tool will semi-automatically analyze the relevance of the risks enhancing the organization [Cyber-]Security profiling and the capturing of weak signals of incoming attacks or attempts. The SME is looking for marketing and commercial agreements with technical assistance, mainly in Europe and extra-UE. The SME is also open to research cooperation agreements.

Details

Tittle:
An innovative tool for monitoring security and cyber-security risks
Summary:
An Italian SME has developed an innovative tool for monitoring security and cyber-security risks in complex organizations. The Innovative tool will semi-automatically analyze the relevance of the risks enhancing the organization [Cyber-]Security profiling and the capturing of weak signals of incoming attacks or attempts. The SME is looking for marketing and commercial agreements with technical assistance, mainly in Europe and extra-UE. The SME is also open to research cooperation agreements.
Description:
The Italian SME innovative tool is suited for monitoring security and cyber-security risks in complex organizations. System users can spoil relevant cybersecurity issues before problems are detected by network or endpoint sensors and support also the identification of ´precursors´ of cybersecurity incidents (e.g., recurrent emails hiding highly targeted phishing campaigns, problems and delays in system usage covering an ongoing Disk Operating System (DoS) attack, etc.). By adopting the "Humans as Sensors" approach, staff and employees are encouraged to provide short qualitative narratives about issues and any kind of problem experienced in their daily work through a usable and simple web-based reporting tool.
The Innovative tool will semi-automatically analyze the relevance of the risks and group them in organizational categories of concern (e.g., procedures, tools, environment, etc.) enhancing the organization [Cyber-]Security profiling and the capturing of weak signals of incoming attacks or attempts.
More in detail, the innovative tool application will support the following steps:
1. Collect qualitative narratives from staff about issues experienced in their daily work (front-line operators, back-office, Sys-admins, managers, security officers, etc.). - Employees are invited to submit a narrative about "something that caused you to hassle during your work during the previous week". Staff is encouraged to use their own language and style. No further guidance or restrictions are provided (issues not necessarily linked to security). Narratives are entered into a database with identifiers removed.
2. Analyse their relevance for Security and group them in organizational categories of concern (e.g. procedures, tools, environment, etc.) - Narratives are discussed and annotated (for clarification) collaboratively by a domain expert and a security expert to understand if they are vulnerabilities, weak signals/precursors, symptoms of an ongoing attack. Narratives are analyzed and grouped into categories (e.g. equipment, network, mobile devices, password management, staff, procedures, etc.) by use of tags. Non-security issues relevant to other key performance areas (KPAs) are forwarded to those who may be concerned.
3. Assess impact: survey the staff on collected issues and prioritize them in a rank - Questionnaires are periodically sent to the staff (selected sample or all employees) to understand the magnitude of concern (how many people are affected by the identified issue?). All the issue are prioritized collaboratively involving also the staff to increase cyber-security culture and foster engagement on security issues.
4. Execute improvements for quick wins and plan long-term changes - The result is a ranking of both concerns and critical organizational areas, with a collaborative approach. Solutions and improvements can be planned according to severity, frequency of concern, and available budget. Implemented solutions are presented to the staff to show enhancement. Dashboards and trends help the decision-making process by proposing aggregate and detailed data views.
In addition, motivation for security measure acceptance from the employees and managers will be analyzed and taken into account to enhance the end-users Cyber-Security Culture through dedicated awareness, gaming, and training activities. The overall innovative tool collaborative process will have a positive impact on engagement and future reporting of problems related to security.
The company is looking for commercial agreements with technical assistance and research cooperation agreements. The goal is to assess new potential markets, to develop and design ad-hoc solutions to integrate them in different contexts. Europe collaborations are preferred but the SME is open also to extra-EU agreements.
Advantages and Innovations:
The developed tool is highly innovative since it supports and integrates the collection of unstructured evidence through the Humans as a Sensor (HaaS) paradigm. The innovative tool creates and fosters an easy and automated reporting mechanism that simplifies the task of identifying vulnerabilities and ongoing attacks, alerting cyber-security experts, providing support for rapid decision making, and improving the overall cyber-security posture of an organization through the direct involvement of humans (i.e., employees) as "sensors" of anomalies.
Humans are the frontline detecting anomaly behaviors resulting from malware or unauthorized access before infections or penetrations are noted by the automatic endpoint or network sensors.
The main advantages of the innovative tool methodology are:
1. The innovative tool has been already applied for safety in different critical domains such as healthcare and aviation
2. The innovative tool supports the identification of organizational and technical latent vulnerabilities, attack precursors, weak signals, and ongoing attacks
3. The innovative tool can be integrated with more technical software detecting tools provides the big picture
4. The innovative tool supports a collaborative process involving many different stakeholders in an organization and thus increases staff security awareness and engagement
Stage of Development:
Available for demonstration
IPs:
Secret know-how

Partner sought

Type and Role of Partner Sought:
The partners sought for are:
- companies (public and/or private), preferred those in any industrial sector with the security issues. The partner should provide the company with all information about its product/service, clients, etc. in order for the company to set up a customized marketing campaign/field test measurements
- Research centers and universities for partnering in research projects

Client

Type and Size of Client:
Industry SME 11-49
Already Engaged in Trans-National Cooperation:
Si
Languages Spoken:
English
Italian

Keywords

Technology Keywords:
01003001 Advanced Systems Architecture
01003003 Artificial Intelligence (AI)
01003009 Data Protection, Storage, Cryptography, Security
01003015 Gestión de conocimiento, gestión de procesos
01003025 Internet of Things