We have published a revised version of D6.4.3, TREsPASS deployment and maintenance plan, which also contains the link to the latest version of the TREsPASS virtual machine image.
The TRESPASS virtual machine image and related documentation is also available at https://github.com/itrust-consulting/trespass-vm-enduser.
The security visualisation showcase visualisation.trespass-project.eu has launched. The site documents the visualisation output, documents visualisation methods, gathers demos and prototypes, and lists security related visualisation publications. It consist of many visual examples and demonstration videos.
On friday September 23th, Paolo Ciuccarelli and Michele Mauri of DensityDesign, and TREsPASS partner LUST, will give a data visualisation workshop around security. The workshop is open for security practitioners, people working in data visualisation, students, journalists and those interested in the topic.
22nd of September 2016 the 3th edition of WTHX will be held in The Hague. Professionals from the fields of peace, justice, and security come together with creatives, coders, techies, designers, journalist, artists and philosophers at WTHX for a 12 hour rollercoaster of ideation and co-creation. In small multidisciplinary teams, the 125+ attendees will formulate questions and prototype potential solutions for tomorrow’s issues. These teams use the themes of peace, justice, and security as their starting point.
Attack graphs provide the perfect tool to map and analyze an organization’s attack surface. Incidents are a great source of data to build attack graphs as they show the attack paths attackers actually take. As part of the TREsPASS project, LUST worked with the Verizon Enterprise team on coming up with a novel way to visualise the data presented in their yearly Data Breach Investigations Report (DBIR). The 2016 DBIR Attack Graph uses the actions taken and attributes compromised in the 100,000+ incidents from 2015 to show the attack surface of the entire 2016 DBIR.
TREsPASS will host a Summer School at Royal Holloway University of London from the 20th to the 23rd of June 2016. This Summer School seeks to explore these challenges through a combination of high profile talks on the social aspects of cyber risks and hands-on workshops to transfer a range of modelling and analytical skills innovated specifically for the cyber security terrain. The speakers will come from a range of academic disciplines including law, geography, sociology, politics and international relations, computer science, information systems and information security.
The 4th issue of the TREsPASS newsletter looks at attacker profiles, which we use for modelling attackers with different behaviours and goals. We also give an overview of recent events and publications. The newsletter can be downloaded here.
Makayla Lewis wins first prize with her entry: Cyberstalking: its about control, not only privacy! On November 11 TREsPASS organised a visualisation workshop, and an awards ceremony to announce the winner of the cyber security visualisation award. The jury, consisting of Ben Fry, Claude Heath, Loraine Gamman, Manuel Lima and Raffael Marty had the difficult task to select a winner from the large amount of entries.
The TREsPASS project has just published the results of the third project year, including important insights in requirements for all aspects related to risk assessment in socio-technical security models, and best practices for dynamics of models and model sharing. The deliverables are available from the Documents page on this site:
WINTER SCHOOL ON SECURITY IN SOCIO-TECHNICAL SYSTEMS
January 13-15, 2016, Copenhagen Area, Denmark
TREsPASS is proud to be a partner of Border Sessions, where we participate in the track Activism, Security & Societal Impact. Join us on November 11 and 12 in The Hague with 60+ Sessions, 90+ speakers and 1000+ participants. At Border Sessions, we will host a visualisation workshop and we will present the winner(s) of the cyber security visualisation poster competition.
Deadline extended to December 15th!
Security Nightmare 2015 – Cloud Attack!
Cybercrime Social Engineering Analysis Challenge
TREsPASS is organizing / hosting several events around this summer. Check the links for details!
- Second International Workshop on Graphical Models for Security (GraMSec), July 13, Verona, Italy
- New Security Paradigms Workshop (NSPW), September 8-11, Twente, Netherlands
- Security Assessment for Systems, Services, and Infrastructures Workshop (SASSI), September 15-16, Berlin, Germany (with RASEN and MOSAIK projects)
Today, the TREsPASS Social Engineering Award ceremony took place at the Computer Privacy and Data Protection conference in Brussels. The jury announced that the EUR 750 prize goes to.... Demetris Antoniou! Congratulations!
An attack tree is a hierarchical graphical diagram for representing and analysing attack scenarios, for instance the steps an attacker needs to take to attack a cloud service. Within the context of TREsPASS, these attack trees are annotated with values for cost, probability, time needed and difficulty, per attack step. This page shows two different approaches to visualise these steps and values.
Today, Wolter Pieters of TREsPASS appeared on Dutch national radio in an item on security awareness testing. Suspicious USB sticks had been delivered to several companies, causing the police to issue a warning. In the end, it was unclear whether this was malicious or just a test, with the latter being the most likely. This emphasises the importance of informing the right people and following the right procedures in such tests.
We have extended the deadline for the Social Engineering Analysis Challenge to December 15th. So, if you can think of attack scenarios that might be used to bypass existing security controls, tricking the human element of security — participate and submit your idea!
The TREsPASS project has a published an in-depth review of current standardised Risk Assessment methodologies as part of its Year 2 efforts. The public deliverable is available for download here.
The document lists and describes relevant international Information Security standards, and covers thereafter Risk Assessment methodologies, as well as any related tools. Owners, countries of origin, target organisations are also discussed for each individual method.
Security Nightmare 2015
TREsPASS invites you to the Social Engineering Challenge 2015. You can apply by submitting your proposal before December 1st. After selection by a professional jury, the award-winning proposal will be announced at the CPDP conference in Brussels, Belgium, on January 27-29, 2016.
End of January, the TREsPASS project passed its Year 1 review successfully.
The TREsPASS project has published a report on abstraction levels for model sharing. Due to potentially sensitive information, the sharing of models requires special attention and care.
The deliverable is available from the website's Documents section.
The TREsPASS consortium co-organises the Dagstuhl seminar 14491 on socio-technical security metrics from November 30 to December 5, 2014.
Safety metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that the dikes should be high enough to guarantee that a particular area will flood at most once every 1000 years. Even when considering the limitations of such numbers, they are useful in guiding policy.
„Attack navigator” protects against weak spots in security
The TREsPASS web page has been opened.