Consumerisation Research Workshop 3: 6th December 2011
BCS Chartered Institute for IT, 5 Southampton Street, London WC2E 7HA
The aims of this third workshop of the IAAC Programme were to investigate a number of issues relating to risk management in an uncertain world when dealing with advanced persistent threat agents (APT) and advanced evasion techniques (AET). The workshop had as its objective, to answer six questions:
1. How can senior management detect an attack that they have never seen before, as they have no frame of reference for assessing the potential impact?
2. What information do we need to share to achieve the required level of understanding in order to implement effective countermeasures?
3. How can we develop architecture, develop, deploy and operate complex socio-technical systems such that any vulnerability contained in the system cannot be exploited?
4. How can we attribute a computer network attack to a specific attacker that is engineering it to avoid detection and attribution?
5. How do measure and mitigate a level of risk when we do not know if we have been the victim of an attack?
6. How, if we have been attacked, can we quantify the damage/cost accurately if we have lost something as a result of the attack?
1. Theo Tryfonas, Bristol University. Risk Management in an Uncertain World.
2. Sean Ralph, Cyber and Influence Centre, DSTL.Situational Awareness and Advanced Persistent Threat Agents
3. Andrew Blyth, University of Glamorgan.Risk, APT, AET and Other Dangerous Things
Round-table discussion to further the objective of the workshop, under the Chatham House rule.
Download Pre-Workshop Paper here - The Changing Face of IA Risk Management
Download Final Report here