Towards a risk-driven security modelling methodology

Tuesday 10th March 2009. 7.00pm for 7.30pm. Ends 9.00pm.

BT Delta Point, 35 Wellesley Road, West Croydon. Near West Croydon rail and bus stations, and 8 minutes' walk from East Croydon railway station.

Paul Kearney BSc, PhD is Head of Enterprise Risk Research in BT's Centre for Information and Security Systems, where he has responsibility for building a research programme in Enterprise Risk Management around a number of internal, university, and FP7 collaborative projects.

He has recently been working on secondment to the Business Continuity practice in BT Global Services, helping develop a portfolio around the concept of the Resilient Enterprise, and continues in that role part time. He is also active in the research community beyond BT, playing a leading role in current and past collaborative research projects and various working groups and programme committees.

Particular interests include architectures for managing trust and security in open distributed systems, and model-driven approaches to the design of secure solutions. Paul has a BSc and PhD in theoretical physics and worked for British Aerospace and Sharp Laboratories of Europe in R&D roles before joining BT in 1997. He is a Member of the Institute of Information Security Professionals and a Certified Information Systems Security Professional (CISSP).

The BT Security Research team has been developing a modelling language and method for representing and analysing ICT security requirements. The language is used to create a model that serves as a medium for communication between consultant and customer, a guide in making decisions, and the basis of a specification for implementing a solution.

Three sub-models deal with business and technical requirements of the ICT system; threats, vulnerability and risks; and security measures and processes. The modelling process is iterative, with decisions being driven by optimisation of business value, trading off risk against cost. The talk will focus on our current view of the meta-model and on our representation of risk.

Everyone is welcome. Refreshments provided. Admission is free.