• Feature space representation of network traces.

  • The graph represents the netflows observed in a network: the inner-circle nodes represent the LAN, while the outer-circle nodes represent the Internet. Each edge is a netflow between a node l in the LAN and a node i in the Internet; its color depends on the nature of the communication (e.g. web, Skype, mail), and its thickness on the number of netflows between them.

  • Snippet of Work Package 0 overview comic strip (visual research methods).

  • (right image) Data cleaning & organisation using general inductive approach; (left image) potential ways to display Work Package 0 data using visual methods.

“There is of course continuous pressure to extend BYOD (bring your own device to work) access across our estate and we are struggling to achieve an architecture which will allow us to deploy popular applications like Outlook Web Access for 3rd party devices whilst still achieving 2FA and without impinging on the integrity of our service platforms – not so much because of the technical challenges of slicing and dicing security configurations in vmware etc. as trying to second guess how the business and our other tenants will appropriate the processes we encourage them to implement.” – Conn Crawford, Sunderland City Council

In the cyber environment, the balance between benefit and harm so clearly articulated by Francis Maude can also be found at the organisational, as well as the national and global, level. Cyber space enables many opportunities and provides an environment in which businesses can diversify and tailor their services. At the same time, this range of opportunities also creates critical vulnerabilities to attack or exploitation. In order to protect their estate, security managers combine organisational, physical and technical controls to provide robust information asset protection. Control lists such as the one found in Annex A of ISO 27001 have long acknowledged the need for the three types of controls, but no security management methods are available to systematically combine them. In the complex cyber environment, a security manager has limited visibility of technical, physical and organisational compliance behaviours and controls, and this makes it difficult to know when and how to select and combine controls.

Research has not, to date, been undertaken to understand how a security manager selects the appropriate control combination. In addition, risk management techniques do not include visualisation methods that can present a combined picture of organisational and technical asset compliance behaviours. This problem is exacerbated by the lack of systematic research into the cultural and organisational techniques used by security managers, resulting in limited guidance on cultural and organisational security management approaches.

Inspiration

We are inspired by the work of:

  • Dutch interaction designers LUST, who were one of the pioneers of the overlaid information map
  • Finke and Manger, who present the principles of information animation in their book Informotion
  • MIT Senseable City Lab

Outputs

  • Methods for combining and evaluating combinations of technical and organisational security controls
  • Methods and design principles for visualising and analysing combined organisational and technical compliance behaviours
  • Use cases and case study reports

Goals

  • Explore how a security manager develops, maintains and uses visibility of both organisational and asset compliance behaviours for the management of cyber security risks.
  • Better understand how organisational controls and technical controls are used in combination.
  • Evaluate the use of different visualisations in the risk management process as a means to extend a security manager's ability to deploy combinations of organisational and technical controls in the cyber context.