The SAINT project proposes to examine the problem of failures in cyber-security using a multidisciplinary approach that goes beyond the purely technical viewpoint. Building upon the research and outcomes from preceding projects, the aim is to combine the insights gained to progress further analysis into economic, behavioural, societal and institutional views in pursuit of new methodologies that improve the cost- effectiveness of cyber-security.
SAINT proposes to analyse and identify incentives to improve levels of collaboration between cooperative and regulatory approaches to information sharing in order to enhance cyber-security and mitigate (a) the risk and (b) the impact from a cyber-attack, while providing, at the same time, solid economic evidence on the benefit from such improvement based on solid statistical analysis and economic models.
SAINT’s concept and methodology is depicted graphically in the diagram above. The community of all stakeholders and agents in the cyber-security industry (academic researchers, market agents, law enforcement authorities), provide important information about cyber-threats and relevant vulnerabilities, regarding tangible (assets) and intangible (reputation) risks in order to identify and provide the relevant indicators and metrics (e.g., Value at Risk metric). SAINT analyses these cyber-security data metrics with a multidisciplinary methodology, employing analytic frameworks from various scientific disciplines (IT, Economics, Psychology, Law), resulting in a new empirical science consisting of novel analytic methods and models for cyber-security. In the end, based on the results of this analysis, SAINT will provide to a clear set of methodologies, regulatory recommendations, behaviour protocols, and best practices to all relevant stakeholders including policy makers, regulators, governmental authorities, law enforcement agencies, and relevant market operators. It will also provide business models and guidelines to the relevant stakeholders for mutually beneficial cyber-security information sharing, enhanced privacy protecting behavioural attitude, market competitiveness in the cyber-security industry, and efficiency in cyber-security investment.
The research and development that comprise the SAINT Analysis methodology, can be categorised into the following main scientific activities:
- Applied cyber-security metrics analysis.
- Regulation focused comparative analysis.
- Data mining and data processing automated analysis for the development of machine learning algorithms.
- Economic and behavioural theoretic analysis for the development of econometric and behavioural models.
- Establish a complete set of metrics for cyber-security economic analysis, cyber-security and cyber-crime market
- Develop new economic models for the reduction of cyber-crime as a cost-benefit operation.
- Estimate and evaluate the associated benefits and costs of information sharing regarding cyber-attacks .
- Define the limits of the minimum needed privacy and security level of internet applications, services and technologies.
- Identify potential benefits and costs of investing in cyber-security industry as a provider of cyber-security services.
- Develop a framework of automated analysis, for behavioural, social analysis, cyber-security risk and cost assessment.
- Provide a set of recommendations to all relevant stakeholders including policy makers, regulators, law enforcement agencies, relevant market operators and insurance companies.