Cyber Risk
Current approaches to cyber risk management are falling short. They are often compliance-based, subjective, and qualitative. Similarly, most efforts to measure and manage cybersecurity effectiveness are overly focused on compliance, being driven by regulators and internal IT audits. Yet, compliance does not translate to risk management, nor does compliance translate to security. “Compliant” organizations are getting breached daily, finding themselves on the front page of the Wall Street Journal.
In 2018, Dr. McKenna led a high-visibility, fast-paced cyber-risk modeling project for a Fortune 100 client to develop a probabilistic model quantifying cyber risk from the enterprise level down to the device level. Dr. McKenna’s solution used cyber-threat intelligence, device data, network log data, vulnerability data, and security control data in a complex suite of models that interact within a Monte Carlo simulation framework. The simulation operates across a modeled attack graph to quantify likelihoods and impacts at all levels of the organization.
Technical Topics
- Monte Carlo simulation
- Attack surface modeling
- Threat modeling
- Network modeling
- Loss modeling
Probabilistic Analysis
Not all problems have a singular answer or are deterministic. The messy ones are probabilistic and Track 2 knows how to get dirty. We have extensive experience with statistical and probabilistic analysis. Areas of expertise include Monte Carlo simulation, Bayesian analysis, hypothesis testing, and probabilistic modeling.
Application Areas
- Geophysics
- Cyber risk
- Sports analytics
- Signals
Track 2 Analytics 