Research project

CyberKit4SME

Project overview

The overall aim of CyberKit4SME is to democratize advanced cyber security methods for SMEs and MEs, in order to:

Enable SMEs and MEs to monitor and forecast cybersecurity risks by equipping them with advanced, but low-cost and easy-to-use tools that will allow them to both assess the cybersecurity risks of their business’s IT infrastructure at design-time (following an asset-based risk assessment approach aligned with ISO 27005) and to monitor and update risk level assessments in real-time to detect potential threats without frequent recourse to expensive cybersecurity experts including consultants.

Raise SMEs and MEs’ awareness of cybersecurity risks, vulnerabilities and attacks through training in the use of these tools, and by analysing organisational and human factors that affect risk levels in their business; making educational material available for their employees to promote safe behaviour; facilitating their participation to cyber ranges as part of the training experience, and fostering a resilient community of SMEs and MEs by promoting information exchange with CERT/CSIRTs and other SMEs and MEs on cybersecurity incidents.

Support SMEs and MEs to manage their security, privacy and personal data protection risks by providing a wide-ranging set of tools that will allow them to implement risk mitigation measures based on a sophisticated risk analyses for their information networks, including end-to-end data protection using advanced encryption techniques to ensure confidentiality and integrity for data stored, transferred and processed onsite or in the cloud, and SIEM technology to help them prevent, detect and recover from cyber-attacks.

Equip SMEs and MEs with an online collaborative, security information sharing and incident reporting system by providing a blockchain platform through which SMEs and MEs will be able to securely share cybersecurity information in supply chains and with CERTS to improve risk monitoring and facilitate preparedness and responses to cyber-attacks, engage in a collective response to cyber security risks, and implement mandatory cybersecurity incident reporting.

Staff

Lead researchers

Professor Mike Surridge

Professorial Fellow Information Tech

Research interests

  • Computer Networks Security
  • Automated cyber security risk assessment and management
Connect with Mike

Dr Stephen Phillips

Principal Enterprise Fellow

Research interests

  • Cyber-security
  • Risk management
  • Secure systems
Connect with Stephen
Other researchers

Professor vladi Sassone PhD FBCS MAE

Roke/RAEng Research Chair in Cyber Secur
Connect with vladi

Collaborating research institutes, centres and groups

Research outputs