Customized and Adaptive approach for Optimal Cybersecurity Investment

Home » Services » Cybersecurity Cataloge » Customized and Adaptive approach for Optimal Cybersecurity Investment
01/01/2017 to 31/12/2020

The proposed research aims to help organisations to make better cybersecurity investments. For example is it better in a given organization to prioritise a policy of changing passwords over patching software regularly? And how frequently should passwords be changed? Should all employees scan for malware all USB sticks? The answers to these kind of questions largely depends on the type of organization and the specific threats it faces. For example while requiring employees to change passwords often may decrease the threat from some kind of attacks, it also imposes costs on the organization both in terms of help desk workload and employee productivity. Are these costs justified? it depends on the specific organization and the threats it faces.
There is no one size fits all solution in cybersecurity, hence a cybersecurity investment plan should start with an appropriate model of the organization and its threat profile. We will build such a model which will capture in a formal way important aspects of the socio-human-technical characters of the organization and its exposure to attacks.
This model will inform our decision support engine, which will evolve from our recent research using optimisation and game theory. In this project we will refine our existing decision support engine.
One of the planned refinements is about the possible threats faced: is the attacker someone just exploring the web for weak websites or a criminal targeting that specific organization or maybe an employee from a foreign intelligence agency? The mathematical modelling of these different attackers presents challenges. Other refinements are in terms of dealing with different ways security controls can be combined, for example how to measure the effectiveness of changing password and encryption in relation to an attacker who wants to steal data - do they combine additively (i.e. are independent)? or multiplicatively (i.e. are totally correlated)?
We also want our engine to be resilient, i.e. we want to give meaningful advice even if the data is not very precise, and we want it to be robust, i.e. it should provide security guarantees even when the data is not very precise.
We will enrich our decision support engine with adaptivity so that once deployed it is capable to adapt to changes in the organisation, the threat profile and the general societal environment. For example the investment advice should change if a major new attack has been reported (for example the Heartbleed and Shellshock vulnerabilities in 2014), or if a new more effective security control is available.
Our research will both provide theoretical and practical advances to these challenging issues. The practical advance will be in the form of prototype tools. We will measure our achievements via validation of these prototype tools. The validation will start by comparing our calculated investment strategy with expert advice and will evolve to larger case studies involving our partners and careful deployment in the field.

Sunday, 1 January, 2017 to Thursday, 31 December, 2020


The 36-month project with approximate funding of € 5 million focuses on the development of cybersecurity solutions in the form of reliable, flexible, scalable, and efficient ICT components for Critical Infrastructures Information (CIIs).

Future Events

OpenExpo Europe is the largest Congress and Professional Fair on IT Innovation in Europe. It will offer an entire day of conferences, business cases, keynote speakers, practical workshops, round tables, demos and many other activities.


Infosecurity Europe is the sourcing and knowledge hub for Europe’s information and cyber security community. Featuring an interactive exhibition floor with over 400 cutting-edge suppliers, a far-reaching conference programme and a host of networking opportunities, it brings information and cyber security to life. The event aims at bringing business, tech and cyber communities together to discuss and discover how best to protect companies and individuals.

02/06/2020 to 04/06/2020