Data-Driven Approaches for Cyber Security Evaluation and Assurance

Dr. Jason Jaskolka of the CyberSEA Research Lab presents for the Carleton University Institute for Data Science Distinguished Speaker Seminar Series

Presentation Abstract

Evaluating and assuring the security of software-dependent systems in the face of cyber-attacks and failures is among the top priorities for governments and providers of electric, financial, communication, and other essential services. This demands systematic, evidence-driven approaches for software development, capable of providing early evidence of mitigating security risks, attacks, and vulnerabilities. As a result, it is necessary to incorporate a variety of system security analyses into the system development life cycle to produce data to support engineering and stakeholder decision-making as part of the security evaluation and assurance activities. This is, of course, not without its challenges. In this talk, we will explore the challenges and opportunities of data-driven approaches for security evaluation and assurance. We will provide a brief overview of some of the different research projects that we are undertaking to address these challenges. Our goal is to provide more objective, reproducible, and consistent outcomes that can serve as the evidentiary basis for more effective security assurance of critical software-dependent systems.