Cyber Security Research
We understand that the threat landscape changes on a daily basis and to ensure we deliver the best for customers, we are committed to investing in leading-edge security research. CentriVault has a pedigree in academia having being established from University projects. We understand the importance and value of effective research.
As part of our commitment, we have developed specialisms in security behaviours and interventions, SME information security implementations, next-generation threat analysis (especially malware), legal frameworks and international standards in the context of information security/data protection and automation techniques (especially linked with ISO 27001).
This page will help you keep up with current trends, innovation and topics, including journals, conferences papers and whitepapers that we have produced or helped to produce. If there is any other research topic not covered on here, then please contact us.
A review of key papers about automation opportunities in the ISO 27001
risk control process
Clause 6.1.3 of ISO 27001:2013, identifies how an organisation can respond to risks with a risk treatment plan; a key being the selection of suitable controls. This paper provides an analysis of the automation opportunities for those controls and critically analyse previous automation research using ISO 27001:2005 controls and considers the automation opportunities with the current controls. The results from this whitepaper demonstrate that automation opportunities do exist across ISO 27001:2013 controls and highlights operation security as a control domain with the most potential. The automation opportunities identified to support any organisation’s need for greater productivity, cost-saving, availability, reliability, and performance whilst implementing controls for their information security management system.
Defining a new composite cybersecurity rating scheme for SMEs – ISPEC 2019 Conference
The 5.7 million small to medium enterprises (SMEs) in the U.K. play a vital role in the national economy, contributing 51% of the private sector. However, the cyber threats for SMEs are increasing with four in ten businesses experiencing a cyber attack in the last twelve months. One significant treatment of this growing concern is in the implementation of long-established information security standards and best practices. Yet, most SMEs are not undergoing the certification process, even though the current threats are now widely published by the U.K. government. This paper investigates the disconnect of cyber threats facing SMEs with their current security postures and perceptions. This paper also identifies the influencing factors needed to improve SMEs’ security behaviours and engagements with information security best-practices. This paper proposes a new composite cybersecurity rating…
Developing a security behavioural assessment approach for cyber rating UK MSBs – Cyber Security 2020
Micro and small businesses in the UK account for over 99% of all UK businesses. Still, a growing perception gap is how these businesses perceive the relevance and value of cyber security and the potential impacts from this. Recent UK government studies have shown a significant increase in the average cost to these smaller businesses after suffering a disruptive attack. Yet, their engagement with recognised standards and best practices is still relatively low. This paper aims to evaluate current behavioural models in the context of information security and develop a new influence-led approach to help ensure smaller businesses are both cyber ready and secure behaviours can be developed. To help achieve this, new engagement channels are identified and methods to understand inferential and influencing factors for effective behaviour change.