PhD: Cyber 360 - A Cyber Risk Visualization and Action Platform- ON-525

Project type: Research
Desired discipline(s): Engineering - computer / electrical, Engineering, Computer science, Mathematical Sciences
Company: BankingBook Analytics
Project Length: 6 months to 1 year
Preferred start date: 01/03/2022
Language requirement: English
Location(s): Ottawa, ON, Canada; Canada; Canada
No. of positions: 1
Desired education level: PhD
Search across Mitacs’ international networks - check this box if you’d also like to receive profiles of researchers based outside of Canada: 
No

About the company: 

Our purpose is to build an analytics-driven organization by combining the latest techniques with deep industry, functional, and analytics expertise to help clients capture the most value from data.

Describe the project.: 

This is an opening for a PhD in the Cyber Security Evaluation and Assurance (CyberSEA) Research Lab at Carleton University. 

Project Description
As systems and organizations become larger and more complex, decision-makers face many challenges regarding ways to
identify, analyze, and prepare for threats and hazards, mitigate vulnerabilities, and minimize impact and consequences.
This project aims to develop a cyber risk dashboard that supports asset management, threat source identification, and
advanced threat assessment techniques to identify and score security vulnerabilities related to the people, processes,
and systems of an organization. The project also aims to map mitigation strategies with identified vulnerabilities, and
where such mitigation strategies does not exist, create enterprise-wide projects to develop and requisition internally and
externally. The internal rate of return (IRR) or economic value of the outcomes of such mitigation strategies will be
monitored to provide additional insights.
In this project, we will focus on developing a software platform to manage and store threat model information and
integrate with BBA’s machine learning models to provide insights into potential cyber risks. We will use a well-known
and established threat modeling methodology such as STRIDE to obtain a set of threats (or classes of threats) that
need to be mitigated. We will also use a suitable vulnerability scoring framework such as CVSS (or other econometric
scoring models) to score the identified vulnerabilities and obtain data that can be ingested by existing machine learning
models to produce projected loss severity outcomes.

Objective
The general objective of the project is to develop a solution capable of providing more objective, reproducible, consistent,
commonly understandable, and actionable information that can integrate with existing machine learning models to
assist stakeholders in making decisions on how to improve overall organizational security and resilience. This will involve
the following tasks:
1. Developing an approach to identify/inventory the relevant assets, threat sources, and vulnerabilities for a complex
organization.
2. Establishing a mechanism/approach for scoring the identified vulnerabilities to generate actionable data that can
support decision-making and be used as input for more detailed data-analysis methods.
3. Implementing a cyber risk dashboard to manage and visualize the data, and provide recommendations and guidance
on how to improve the organizational security and resilience.

Required expertise/skills: 

Suitable candidates will have a Master’s degree in Software Engineering, Computer Science, or a related field. Ideal
candidates will be self-motivated with an ability to work independently and to communicate effectively in a team
environment. Applicants must possess strong programming skills. A background in cybersecurity is highly desirable.
Experience with threat modeling, threat and risk assessment, and/or knowledge of security metrics and measures is
considered an asset. Applicants should also have very strong written and verbal communication skills.
All candidates must satisfy the Minimum Admission Requirements for Doctoral Programs at Carleton University.