WISER: the European innovative framework on cybersecurity

WISER “WIDE-IMPACT CYBER SECURITY RISK FRAMEWORK”
www.cyberwiser.eu @cyberwiser
Co-funded by the European Commission
Horizon 2020 – Grant # 653321
WISER: the European innovative
framework on cybersecurity
March 2016
1

Summary
What is WISER?
WISER is a European collaborative Innovation Action that puts
cyber-risk management at the very heart of good business practice.
Started on June 1st 2015, by 2017 WISER will provide a cyber-risk
management framework able to assess, monitor and mitigate the
risks in real-time, in multiple industries.
Who stands to benefit?
SMEs
Financial insurance
Critical Infrastructure organisations or highly complex cyber systems
Cyber secure, innovative smart energy providers
Who is involved? Six European Partners collaborating
2WISER presentation to ENISA, March 2016 © WISER 2016 www.cyberwiser.eu - @cyberwiser

Cybersecurity: A raising concern
1,673 reported data breaches in 2015, which resulted in more
than 707.5 million records being compromised worldwide.
The British insurance company Lloyd’s estimates that cyber
attacks cost businesses as much as $400 billion a year
Malware attacks in 2015 nearly doubled to reach up to 8.19
billion, from 4.2 billion in 2014
41% of IT personnel admitted to not following the same
security protocols they are expected to enforce
1 in 8 legitimate websites have a critical vulnerability
Some figures on cybercrime
Despite the relevance of the threat, awareness on cybersecurity is still low.
Affordable solutions, especially for SMEs, are yet to be seen on the market.

The WISER perimeter & positioning
The goal of WISER is to deliver solutions that require less consultancy to perform
cybersecurity assessment & improvements, through innovative methodologies
WISER has a high level innovation potential and commits its resources also
to create awareness & a global cybersecurity culture
Combining risk
management (in real-time!)
with security techniques
Interesting services
Attention to SMEs
The online component
The RPS delivery model
Sustainability

Innovation elements brought in by WISER
It is not simply about monitoring cyber incidents, it is about
assessing the risks present within a company
The risk assessment considers the potential damage to the ICT
infrastructure and the damage to the business of the company,
including various aspects, such as reputational implications – a
multi-level assessment
This risk evaluation evolves with the rapid dynamics that are
inherent with the cyber “climate”
This evaluation is performed by means of a novel methodology, to
be elaborated in the project
Modelling cyber risk, using patterns
Definition of mitigation measures according to the threats and
attacks and ranking based on different criteria
Ultimate goal: Make cyber risk assessment affordable, especially to
SMEs
Going beyond the state of art

How does it work?
Cyber risk assessment
follow-up
Monitoring: events and
alarms detection and
follow-up
Testing: vulnerabilities
scanning and follow-up
Modelling
Decision Support
The WISER framework delivers capabilities that are unparalleled with
respect to current offering. SMEs are enticed by means of “freemium”
services (i.e. the “CyberWISER-Light”)
Innovative capabilities and features
Basic and detailed visualization of reports
Graphic dashboard with analytical features
Configurable alerts
Periodical execution of vulnerability scans
Basic and detailed information of
vulnerabilities found
Assistance to derive model rules from risk
models
Assistance to decide the most suitable risk
model according to the business and ICT
profile of the company
Cost-benefit analysis of mitigation measures
Quality Criteria Assessment of risks

WISER’s workplan
Main services that will be delivered
Milestone Description Date Beneficiaries
First concrete WISER
tool Includes user-
friendly approach to
increase awareness
through self assessment
Online from
March 2016
SMEs, General public
Pre-packaged solution
for real time risk
assessment
Delivered by
December 2016
SMEs and ICT systems in
general
On-demand services for
real time and cross-
system assessment of
vulnerabilities and
threats
Delivered by
December 2016
Critical infrastructure or
highly complex cyber
systems

WISER will come in a 3-level service range, to
impact on the broadest audience possible
 Registration and basic data
required to Clients
 WISER tests
vulnerabilities from
the outside
 Provides basic
benchmarking
 Detailed business and IT
infrastructure data required
 Model selection based on
WISER suggestion or tailored
 Sensors installation at the
network layer level
 Real time exposure
calculation
 Monitoring
 Mitigation options
considered
 WISER team limited support
 Detailed business and IT
infrastructure data required
 Possibility to implement Client’s
models
 Possibility to perform cost/benefit
analysis on the base of Client’s
indications
 Sensors installation at the
application layer level
Required
Interaction
 Real time exposure calculation
 Monitoring
 Mitigation cost benefit
calculations
 WISER team full involvement
Complexity of WISER
Operating Model

Cyberwiser-light: A self assessment tool for SMEs
It’s the first and most “democratic” tool produced by WISER
Goals:
Provide a very first approach to the cybersecurity problem to a large
variety of companies with no experience or awareness in the field
Provide a very crude, and yet relevant, picture of the company
situation with respect to cyber climate
Minimum time investment by the end-user
Report generated from two different domains:
Business and ICT profile of the company
Vulnerabilities detected
Algorithm producing reports reflecting
How the company profile influences its cyber risk situation
How the vulnerabilities detected impact the business of the company.
Online from March 2016, accessible for free on
www.cyberwiser.eu

WISER’s Early Assessment Pilots (EAPs)
Our “early customers” are from different backgrounds
SMEs IT Providers
Verticals
Public Authority

Design: WISER Framework schema
The WISER framework manages to combine risk assessment with
cybersecurity best practice techniques, and it does so in real-time
The logical blocks of the framework include a risk
assessment engine and a decision support system

Cyber risk assessment @ WISER & the
iterative process with the end-user
Cyber Risk
Assessment
ReportAlgorithm
Interpreter
(mapping)
Target
infrastructure
Vulnerabilities
(testing)
Events/Alarms
(monitoring)
Business and ICT
profile information
Inputs
Risk model
(model rules)
Model
(R1,R2,…,Rn)
RA 1, M1
RA 2, M2
RA n, Mn
Decision-
maker
assistant
Comparison and ranking of mitigation measures
Mitigation measures are provided to the end-user, who can repeat
the analysis to verify effectiveness of measures implemented.

Conclusions & next steps proposed for ENISA
WISER is building on some of the indications of NIS and is
already benefiting from having received clarifications from
ENISA in a first conference call
WISER would like to maintain a continuously “open line”
with ENISA, to benefit from ENISA’s strategic indications
along the lines of cybersecurity
WISER would like propose to schedule a conference call with
ENISA next May to comment on the early feedback from the
European end-users of the new online service proposed by
WISER to SMEs (“cyberwiser-light”)

www.cyberwiser.eu
@cyberwiser
Thank you for your attention! Questions?
Contact
Antonio Álvarez Romero
Technical Coordinator
Atos Spain SA
antonio.alvarez@atos.net
Contact
Stephanie Parker
Communication Manager
Trust-IT Services Ltd
s.parker@trust-itservices.com

WISER: the European innovative framework on cybersecurity

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie WISER: the European innovative framework on cybersecurity

Ähnlich wie WISER: the European innovative framework on cybersecurity (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

WISER: the European innovative framework on cybersecurity