SecBCM – Secure and Resilient Business Continuity Management of Critical Operations (SecBCM)
Main funder
Funder's project number: 3070/31/2024
Funds granted by main funder (€)
- 60 000,00
Funding program
Project timetable
Project start date: 01/10/2024
Project end date: 31/03/2025
Summary
Paths from threat to exploitation are becoming faster: for example, the time from a vulnerability notification to a commonly available exploitation method is mostly less than a week. Infection escalation time from the initial attack to the beginning of, e.g., data exfiltration or encryption is in many cases counted in seconds. The malicious cycle is fast, and there is a need to perceive emerging threats at a very early phase, before any concrete malicious actions by adversaries or even before malicious actors see a chance for exploitation. Therefore, our aim is to design an initial infection investigation (I3) system that offers input to prevailing security operations, such as security operations centers (SOC), and their input sources, such as SIEM, threat intelligence and log collection, among others. The I3 system collects information from various sources on the Internet, including both the surface and dark web, the physical world and institutions. It combines the collected signals to identify possible new threats by searching for correlations and causal relations with, e.g., neuro-fuzzy tools. The University of Jyväskylä focuses on identifying the signal sources and the available tools for emerging threat recognition. Other project partners also contribute to signal source identification and evaluate the required skills, mix of expertise and amount of work needed to build automated abilities to recognize new threats. They also evaluate the capability of the prevailing security arrangements and operations to adapt to different kinds of signals as signs of threat. Six Finnish companies collaborate with and support JYU's work in the project.
Principal Investigator
Other persons related to this project (JYU)
Contact person (yes/no): Yes
Primary responsible unit
Follow-up groups
Profiling area: Cyber security (University of Jyväskylä JYU)