Principal Investigator: Samuel Liles
Black Belt Cyber is a risk management framework based on risk metrics and built within a heuristic. Assessing and managing the risk of the information enterprise is a challenge. Much of the risk assessment and management process relies on measures that are less than evidence-based. This framework attempts to provide a heuristic-based process that builds upon the best principles of the risk management literature and assembles those principles into a holistic framework that is easily understood.
The framework assumes a technology suite of information assets in an enterprise. Various technology standards are placed into the framework and analyzed against known elements of the risk framework. Threats, vulnerabilities, countermeasures, and assumed impacts are used as evidence for populating the framework. As such, common principles including the OSI 7-layer model, the MITRE Common Vulnerabilities and Exposures (CVE) database, standard information assurance and security categories, and recent real-world events are explored.
The resulting analysis from this framework can be explored for threat analysis, for vulnerability exposure, and for whether countermeasures are being applied to the enterprise in an efficient manner. As a tool for the information enterprise, the framework explores significantly complex issues in an easy-to-understand manner. Preliminary results from such exploration have already identified trends and risks not commonly understood.
Keywords: Information Risk Management