Communications of the ACM
Helping Companies Prioritize Their Cybersecurity Investments
By securely aggregating sensitive data from cyber-attacks, the SCRAM platform developed at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory can quantify an organizations level of risk, and suggest how to
Credit: Chelsea Turner
A new platform developed by researchers at the Massachusetts Institute of Technology can quantify security risks for companies without requiring them to disclose sensitive data about their systems.
The platform, dubbed SCRAM (Secure Cyber Risk Aggregation and Measurement) enables companies to understand how their security compares tothat of their peers, and gauge whether they should change their security spending based on their specific priorities.
The researchers analyzed internal data from seven large companies with an average of 50,000 employees and annual revenues of $24 billion. They securely aggregated 50 different security incidents that had occurred at these firms and determined steps that could have been taken to prevent them.
In addition, the researchers found that three security vulnerabilities—failure to prevent malware attacks, communication over unauthorized ports, and failures in log management for security incidents—resulted in the biggest losses to the companies, of more than $1 million each.
From MIT News
View Full Article
Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA
No entries found