The model-based cybersecurity assessment software tool supports holistic security assessment of complex critical infrastructures systems, such as power grids, metros, and other critical information infrastructure systems.
By using the tool, security practitioners can integrate diverse inputs from different experts ---- including domain-specific threat scenarios and process models, system architectures, security controls, and attacker models ---- to reason about the security posture of the system being evaluated. In particular, the software can automatically link these diverse types of information together to form a “security argument graph”, which provides an intuitive way to help security analysts visualize and argue about the different cybersecurity risks a system is facing and informing the selection of suitable security controls to mitigate these risks.
The software tool is an integrative security assessment tool that will help Critical Information Infrastructure (CII) companies and their security consultants to understand the threats their systems are facing and gain visibility to their assets and weak points. The tool also can help them plan their security investment, and allow them to carry out all these work in an efficient manner. To achieve this, the software offers the following main advantages:
The model-based cybersecurity assessment software tool can process heterogeneous pieces of information about a CII system, such as its business processes, network infrastructure, security measures, and attacker models and use this information to argue about the security level. This enables security practitioners to make intelligent decisions in order to best protect their systems. The software’s visual and comprehensive presentation of the security risk information can help efficient communications among different stakeholders of a CII system, regarding its cyber security management.