Universities, R&D Groups and Academic Networks

ICISSP is a unique forum for universities, research groups and research projects to present their research and scientific results, be it by presenting a paper, hosting a tutorial or instructional course or demonstrating its research products in demo sessions, by contributing towards panels and discussions in the event's field of interest or by presenting their project, be it by setting up an exhibition booth, by being profiled in the event's web presence or printed materials or by suggesting keynote speakers or specific thematic sessions.

Special conditions are also available for Research Projects which wish to hold meetings at INSTICC events.

Current Academic Partners:

Critical Infrastructure Asset Identification: A Multi-criteria Decision System

The attacks of 9/11 illuminated the importance of critical infrastructure (CI) identification and protection in the U.S. and other countries. National resource constraints limit the number of assets that protection investments can be dedicated to leaving many questioning: Which assets are critical? Answering this question has proven to be a challenging endeavor with numerous methodologies providing inconsistent versions of “critical” asset lists. Furthermore, the threat landscape continues to evolve as cyber-attacks grow in size and severity, threatening critical infrastructure through the Internet and forcing us to rethink current limitations placed on processes and criteria used for identification efforts. This project will produce techniques and tools for identifying critical assets with sound scientific foundation. The research takes the stance that criticality assessment is a decision process and will apply multi-criteria decision making theory (MCDM) to facilitate the selection of criteria, selection of alternatives, weighting methods, and aggregation methods. The resulting tool will enable the customization of methodologies so that mobile, fixed, and cyber assets can be evaluated based on the objective of the program and regardless of sector or region. Using the resulting solution, the Department of Homeland Security and comparable departments in other countries will be able to use a decision tool to consistently and systematically identify critical assets. The application of the solution to aviation assets and supplementary case study will help significantly improve security of the aviation sector. The broader impact of the proposed research is to share insights learned from the successes and failures of various programs to contribute to establishment of proven identification methodologies in critical infrastructure sector organizations and private sector organizations around the world. The resulting solution can also improve risk management investment decisions by enabling risk assessors to apply risk mitigation strategies and resources only to those assets that are truly critical. Lastly, the techniques and tools can also serve as a foundation for establishing methodology to distinguish non-critical assets

Wide-Impact cyber SEcurity Risk framework (WISER)

WISER delivers a cyber-risk management framework able to assess, monitor and mitigate risks in real time, in multiple industries. WISER incorporates socio-economic impact aspects, building on current state of the art methodologies and tools, and leveraging best practices from multiple industries and international initiatives (e.g: NIS). WISER aims at implementing an impressive series of 9 short experiments, in the form of Early Assessment Pilots (EAPs) to test the resilience of different risk management frameworks (taken from different industries and intended broadly) with regards to both traditional and advanced cybersecurity threats. The EAPs allow taking elements that work best in cybersecurity risk management from different frameworks, to then build and implement an advanced risk management system that will be tested & validated in 3 Full- Scale Pilots (FSPs) – with different, high-impact instantiations in the financial services and insurance industry and in the energy field – to demonstrate market acceptance, as well as scalability of a risk management framework for cybersecurity. The WISER framework will ensure cyber risk management becomes an integral part to good business practice in both critical infrastructure & process owners and ICT-intensive SMEs by offering two delivery modes: a pre-packaged solution for addressing basic cyber risk management needs (i.e. SMEs), and a Risk Platform as a Service (RPaaS) mode of operation of the platform, intended for critical infrastructures or highly complex cyber systems requiring the implementation of special controls within the ICT system to be monitored. Ultimately, WISER implements on-demand service composition and ignites innovative assurance models, also from the point of view of premiums determination targeting. Significant outcomes of the project are also the RPaaS business model, the community of end-users, and the multi-industry synergy & standardization strategy.