SAINT

Introduction

The H2020 SAINT project examines the problem of failures in cyber security by using a multidisciplinary approach that goes beyond the purely IT technical viewpoint. SAINT analyses and identifies incentives to improve levels of collaboration between cooperative and regulatory approaches to information sharing in order to enhance cyber security and mitigate: (a) the risk and (b) the impact from a cyber-attack, while providing, at the same time, solid economic evidence on the benefit from such improvement

Who is the project designed for? 

SAINT stakeholders are all involved in the cyber-security domain: academic researchers, cyber security practitioners, market agents, law enforcement authorities, policy makers, regulators, governmental authorities. SAINT collects important information, regarding cyber-threats and relevant vulnerabilities, tangible (assets) and intangible (reputation) risks in order to identify the most relevant indicators and metrics.

SAINT analyses these cyber security data metrics with a multidisciplinary methodology, employing analytic frameworks from various scientific disciplines (IT, Economics, Psychology, Law), resulting in a new empirical science consisting of novel analytic methods and models for cyber-security.

The research and development that comprise the SAINT Analysis methodology, can be categorised into the following main scientific activities:

• applied cyber-security metrics analysis;
• regulation focused comparative analysis;
• data mining and data processing automated analysis;
• economic and behavioural theoretic analysis for the development of relevant econometric models.

How is your project benefitting the end-user? 

SAINT will benefit all relevant stakeholders by:

• establishing a complete set of metrics for cyber-security economic analysis, cyber-security and cyber-crime market;
• developing new economic models for the reduction of cyber-crime as a cost-benefit operation;
• evaluating the associated benefits and costs of information sharing regarding cyber-attacks;
• identifying the limits of the minimum needed privacy and security level of internet applications, services and technologies;
• identifying potential benefits and costs of investing in cyber-security industry as a provider of cyber-security services;
• providing a set of recommendations to all relevant stakeholders to fight cyber-crime through a systemic approach.

Through these activities, the aim of SAINT project is to improve social, institutional and economic comprehension of cyber security failures, facilitate information dissemination and sharing, and improve decision making, governance and investments by the relevant stakeholders.

Please briefly describe the results your project achieved so far

• Comparative analysis of cybercrime victims.
• Economic analysis about the influence of co-operation in cybersecurity on the economic performance
• Analysis on cybersecurity failures and requirements
• Analysis of legal and illegal vulnerability markets and specification of the relative data acquisition mechanisms

What are the next steps for your project?

• Economic analysis of the cybersecurity market
• Economic analysis analysis about cybercrime's revenues
• Economic analysis on the effectiveness of cyberdefence methods
• Designing and implementation of algorithmic tools for automated analysis on cyber-incidents and cybersecurity behaviour
• Construction of an integrated platform for automated data retrieval and analysis