The attack navigator – Finding and defending against socio-technical attacks

Session: Security risk & compliance assessment, Tue., Sep. 15, 14:00 - 14:30 

Industry must react to both existing and unknown attacks on software and intelectual property. These attacks involve physical, virtual, and socio-technical components. Risk assessment is used to prioritize the use of defense resources. The TREsPASS project has developed the concept of an attack navigator that uses system maps and attacker profiles to identify attacks. The attack navigation on system maps is based on invalidation of organisational policies, resulting in weighted attack trees to guide risk assessment and governance using typical attacker profiles.

About Christian W. Probst

Christian W. Probst is an Associate Professor in the Department of Applied Mathematics and Computer Science at the Technical University of Denmark, where he works in the section for Language-Based Technologies. Christian is technical co-lead of the TREsPASS project. In his work he addresses safety and security properties of systems and organisations, most notably insider threats. He is the creator of ExASyM, the extendable, analysable system model, which supports the identification of insider threats in organisations.