Sign In

Communications of the ACM

ACM TechNews

Helping Companies Prioritize Their Cybersecurity Investments


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A "key" to cybersecurity.

By securely aggregating sensitive data from cyber-attacks, the SCRAM platform developed at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory can quantify an organizations level of risk, and suggest how to prioritize security investments.

Credit: Chelsea Turner

A new platform developed by researchers at the Massachusetts Institute of Technology can quantify security risks for companies without requiring them to disclose sensitive data about their systems.

The platform, dubbed SCRAM (Secure Cyber Risk Aggregation and Measurement)  enables companies to understand how their security compares tothat of their peers, and gauge whether they should change their security spending based on their specific priorities.

The researchers analyzed internal data from seven large companies with an average of 50,000 employees and annual revenues of $24 billion. They securely aggregated 50 different security incidents that had occurred at these firms and determined steps that could have been taken to prevent them.

In addition, the researchers found that three security vulnerabilities—failure to prevent malware attacks, communication over unauthorized ports, and failures in log management for security incidents—resulted in the biggest losses to the companies, of more than $1 million each.

From MIT News
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found