The white paper, entitled ‘The Relative Effectiveness of widely used Risk Controls and the Real Value of Compliance’, was launched at The Old Library, Lloyd’s of London, on 21 February.
The paper discusses the findings of the second phase of a collaborative research programme, sponsored and funded by Novae Group, which draws upon the expertise of academics at the University of Oxford both in the Department of Computer Science (Professor Sadie Creese, Professor Michael Goldsmith, Dr Ioannis Agrafiotis and Dr Jason R.C. Nurse) and at the Saïd Business School (Professor David Upton).
Professor Sadie Creese commented: “Instead of simply working to comply with standards, organisations must look carefully at the vulnerabilities inherent in the assets that they want to protect. Cyber-attackers are creative and aggressive. Both the changing threat and the attack-surface of an organization must be modelled in order to ensure that cyber-controls offer adequate protection from harm.”