TREsPASS partners with WTHX#3: Peace, Justice, Security + Code

22nd of September 2016 the 3th edition of WTHX will be held in The Hague. Professionals from the fields of peace, justice, and security come together with creatives, coders, techies, designers, journalist, artists and philosophers at WTHX for a 12 hour rollercoaster of ideation and co-creation. In small multidisciplinary teams, the 125+ attendees will formulate questions and prototype potential solutions for tomorrow’s issues. These teams use the themes of peace, justice, and security as their starting point.

Verizon's DBIR 2016 is out! Includes interactive Attack Graph by TREsPASS Project

Attack graphs provide the perfect tool to map and analyze an organization’s attack surface. Incidents are a great source of data to build attack graphs as they show the attack paths attackers actually take. As part of the TREsPASS project, LUST worked with the Verizon Enterprise team on coming up with a novel way to visualise the data presented in their yearly Data Breach Investigations Report (DBIR). The 2016 DBIR Attack Graph uses the actions taken and attributes compromised in the 100,000+ incidents from 2015 to show the attack surface of the entire 2016 DBIR.

TREsPASS Summer School: Social Aspects of Cyber Security Risk

TREsPASS will host a Summer School at Royal Holloway University of London from the 20th to the 23rd of June 2016. This Summer School seeks to explore these challenges through a combination of high profile talks on the social aspects of cyber risks and hands-on workshops to transfer a range of modelling and analytical skills innovated specifically for the cyber security terrain. The speakers will come from a range of academic disciplines including law, geography, sociology, politics and international relations, computer science, information systems and information security.  

TREsPASS Newsletter Issue 4

The 4th issue of the TREsPASS newsletter looks at attacker profiles, which we use for modelling attackers with different behaviours and goals. We also give an overview of recent events and publications. The newsletter can be downloaded here.

Winners of the TREsPASS visualisation competition announced

Makayla Lewis wins first prize with her entry: Cyberstalking: its about control, not only privacy!  On November 11 TREsPASS organised a visualisation workshop, and an awards ceremony to announce the winner of the cyber security visualisation award. The jury, consisting of Ben Fry, Claude Heath, Loraine Gamman, Manuel Lima and Raffael Marty had the difficult task to select a winner from the large amount of entries.

TREsPASS Year 3 Deliverables Published

The TREsPASS project has just published the results of the third project year, including important insights in requirements for all aspects related to risk assessment in socio-technical security models, and best practices for dynamics of models and model sharing. The deliverables are available from the Documents page on this site:

TREsPASS at Border Sessions 2015: Activism, Security & Societal Impact

TREsPASS is proud to be a partner of Border Sessions, where we participate in the track Activism, Security & Societal Impact. Join us on November 11 and 12 in The Hague with 60+ Sessions, 90+ speakers and 1000+ participants. At Border Sessions, we will host a visualisation workshop and we will present the winner(s) of the cyber security visualisation poster competition.

TREsPASS Newsletter Issue 3

A fresh newsletter, this time with specific attention for security visualisation and our visualisation competition, can be downloaded here.

TREsPASS launches visualisation competition

As part of TREsPASS we are running a competition for visualisations that capture the social and technical complexity of so-called "cyber attacks". We are asking you to think about cyber attacks from one of the following perspectives:

New TREsPASS flyer

Have you seen the new TREsPASS flyer? It includes our attack tree visualisation, as well as updated information on the project and its results.

Fake charity proposal wins Social Engineering Award

Today, the TREsPASS Social Engineering Award ceremony took place at the Computer Privacy and Data Protection conference in Brussels. The jury announced that the EUR 750 prize goes to.... Demetris Antoniou! Congratulations!

Summary of the second project year

A summary of the second project year of TREsPASS is available here. Read about our achievements in attack navigation, risk visualisation, and attacker and victim profiles.

Attack trees: Visualisations for complex multi-step attacks

An attack tree is a hierarchical graphical diagram for representing and analysing attack scenarios, for instance the steps an attacker needs to take to attack a cloud service. Within the context of TREsPASS, these attack trees are annotated with values for cost, probability, time needed and difficulty, per attack step. This page shows two different approaches to visualise these steps and values.

Security awareness testing on Dutch national radio

Today, Wolter Pieters of TREsPASS appeared on Dutch national radio in an item on security awareness testing. Suspicious USB sticks had been delivered to several companies, causing the police to issue a warning. In the end, it was unclear whether this was malicious or just a test, with the latter being the most likely. This emphasises the importance of informing the right people and following the right procedures in such tests.

Deliverable on currently established risk-assessment methods published

The TREsPASS project has a published an in-depth review of current standardised Risk Assessment methodologies as part of its Year 2 efforts. The public deliverable is available for download here.
The document lists and describes relevant international Information Security standards, and covers thereafter Risk Assessment methodologies, as well as any related tools. Owners, countries of origin, target organisations are also discussed for each individual method.

Social Engineering Award

Security Nightmare 2015

Cloud Attack!

TREsPASS invites you to the Social Engineering Challenge 2015. You can apply by submitting your proposal before December 1st. After selection by a professional jury, the award-winning proposal will be announced at the CPDP conference in Brussels, Belgium, on January 27-29, 2016.

TREsPASS co-organises Dagstuhl Seminar on Socio-Technical Security Metrics

The TREsPASS consortium co-organises the Dagstuhl seminar 14491 on socio-technical security metrics from November 30 to December 5, 2014.
Safety metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that the dikes should be high enough to guarantee that a particular area will flood at most once every 1000 years. Even when considering the limitations of such numbers, they are useful in guiding policy.

TREsPASS flyer

The TREsPASS project has a released a flyer for promoting the project. It is available from the website's Documents section.