This project aims to predict compliance with ISO27k security guidelines while maintaining overarching business and security goals. It does so through probabilistic and stochastic model-based prediction, which includes software tool support for defining security metrics and goals, and by introducing provenance in the enterprise in order to parameterize models that evaluate ISO27k implementations against the multiple objectives. The project is a collaboration between Newcastle University in the UK and the University of Illinois at Urbana-Champaign in the USA. It strongly leverages and “fills significant holes” in existing research in this area, in collaboration with HP, HP Labs, and associated research at the partners. William H. Sanders is the PI at Illinois.
(funded by the HP Labs Innovation Research Program)