The main effort of KTP № 11598 was to explore ways of presenting quantitative IT security risk metrics to non-technical users, inspired by Hubbard & Seiersen’s book How to Measure Anything in Cybersecurity Risk. This revolved around the use of Monte Carlo simulations and involved an ambitious research plan to quantify the real costs and benefits of a variety of IT security controls, such as user training.
Initially, this was to form part of Mitigate Cyber’s suite of Mitigate Hub modules. However, their unexpected early withdrawal led instead to similar ideas being explored within a game setting.
I also delivered a pair of presentations on the theory behind this project whilst working at Actica.