This document defines an analytical model of cyber threat intelligence in terms of a threat entity’s goal orientation, the capabilities it uses to pursue its goals and its modus operandi. The model is intended to act as a common guiding template for conducting a cyber threat assessment for use by penetration testers to define a set of realistic and threat-informed cyber attack test scenarios.

The executive summary of this paper gives four points of discussion: a) Interest in cyber insurance has grown beyond expectations b) Cyber attacks and breaches have grown in frequency, and loss costs are on the rise c) Insurers are issuing an increasing number of cyber insurance policies and becoming more skilled and experienced at underwriting and pricing this rapidly evolving risk d) Some observers believe that cyber exposure is greater than the insurance industry’s ability to adequately underwrite the risk.

From the report, “Although real damages can be very different from our average estimation, in this report we’ve made a unique attempt to connect potential risks and real consequences of a security breach, defined in dollars, not gigabytes of data and hours of downtime.”

The goal of this research was to produce a transparent methodology for estimating present and future global costs of cyber risk, acknowledging the considerable uncertainty in the frequencies and costs of cyber incidents.

From the paper, “This paper aims, in the first place, to put a concrete proposal on the table. It is not a panacea; it is a plausible way forward. We will start by explaining our proposal in detail and the problems we believe it would solve. We then discuss the proposal’s strategic rationale at a higher level, how it compares to various past and current practices, and why concerns about the dangers are considerably exaggerated. We conclude by considering the specific legal changes the proposal would require.”

A very detailed report that discusses the dangers of cyber threats to infrastructure and large systems that impact all of society.

This ebook takes a look at cloud archiving, and why it is a better choice than older more traditional methods.

This BitSight Insights report, Risk Degrees of Separation: The Impact of Fourth Party Networks on Organizations, focuses on aggregate risk and the issue of single points of failure. Insurance companies tackle this risk by monitoring whether a common set of threats impact their entire portfolio of insureds. However, without visibility into cyber risk aggregation, an insurance company could be jeopardized if there is a breach or any type of network disruption that affects a majority of their insureds.

This is the final report of a study commissioned by the UK Ministry of Defence (MOD) through the Defence Human Capability Science and Technology Centre (DHCSTC) framework. The study was conducted over a period of six weeks and examines the academic debate pertaining to the moral landscape of conflict that spans different military domains (air, maritime, land, space, cyber). The investigation which is the subject of this report was commissioned by the Programme and Delivery Directorate of the Defence Science and Technology Laboratory (Dstl).

The Proofpoint Threat Report explores threats, trends, and transformations that they see within their customer base and in the wider security marketplace.

This case study attempts to connect all the dots when it comes to security analysis by using nine anecdotes cited in the top threat’s for its foundation. Each of the nine examples are presented in the form of (1) a reference chart and (2) a detailed narrative. The reference chart’s format provides an attack-style synopsis of the actor, spanning from threats and vulnerabilities to end controls and mitigations. They encourage architects and engineers to use this information as a starting point for their own analysis and comparisons.

A report from the government of the United Kingdom detailing the findings of a survey regarding security breaches in 2015.

This white paper is geared towards the energy industry and learning about how network security can help maintain cybersecurity protections specifically in that industry.

This paper dicusses the best pracitices for gaining conrtol over Cyber Attacks and the Incident Response action.

What is the balance of economic benefits and costs conferred upon societies by cyber technologies, also designated here as information and communication technologies (ICT)? And how might that balance change in coming years? This report, prepared as a quantitative foundation for work sponsored by the Zurich Insurance Group, addresses these questions by assessing the current pattern of benefits and costs in countries and globally, mapping their apparent trajectory in recent years, and exploring their possible futures through 2030.

There is currently very little published research discussing the cybersecurity threats against ITS. In this paper, we first explored real-world ITS cyberattacks and their impact. As cyberattacks and attackers go hand-in-hand, we discussed the most likely perpetrators and their goals and motivations for attacking ITS. We then applied our knowledge of current cyberattacks to develop and analyze future cyberattack scenarios against ITS and Smart Roads.

This report documents research conducted as part of the project “Building a Strategy for Cyber Support to Corps and Below.” RAND Arroyo Center was asked by U.S. Army Cyber Command’s G35 office to develop and document an Army strategy for providing cyber sup- port to corps and below (CSCB) units that describes how the Army should use its available resources to achieve mission objectives.

When tackling cyber risk, board involvement and effective communication continue to drive performance. Learn more in this report on the key findings from Protiviti’s 2017 Security and Privacy Survey.

Vector Consulting was commissioned by Cisco Australia and New Zealand to better understand the role and impact of cloud in higher education and training. For the purposes of this report `cloud’ is predominantly focused on infrastructure as a service or cloud-based infrastructure. The study included desktop research, targeted interviews and a comprehensive survey, which forms the basis for this report. The survey was distributed electronically to Australian and New Zealand institutions to better understand their current views about where cloud was having the most impact and how they were planning for cloud. The survey was in field for two weeks and all individual responses were provided.

This report focusses on the election of 2016 and offers some solutions for protecting an election from hackers.

This paper is intended to support those preparing their organisation for the General Data Protection Regulation (GDPR) and considering what the Right to be Forgotten (RtbF) means for their organisation.