
Exploring the visual interface of the DICYME web app

The DICYME project, a collaboration between the Rey Juan Carlos University (URJC) and DeNexus, has developed a cutting-edge web application designed to facilitate cybersecurity risk assessment. This interactive platform combines advanced data analytics and artificial intelligence (AI) with an intuitive visual interface. It is structured into three primary modules, guiding users seamlessly from data exploration to risk quantification, ensuring a comprehensive understanding of cybersecurity risks and challenges.

Data Module


The Data module enables users to explore proprietary data sources curated within the project. It is subdivided into three key datasets:

  • Cyber Incidents aggregates data from six public incident databases: OT-specific sources such as TI Safe and ICS Strive, alongside general databases like KonBriefing, CISSM, Hackmageddon, and EuRepoC.

  • Victim Profile compiles firmographic information (e.g., country, industry, size), online reputation, and exposure or proneness to cyberattacks.

  • IDS presents anonymized aggregation indicators generated from a sample of data obtained from Nozomi Networks Guardian for a DeNexus client.


Indicators Module

The Indicators module transforms data into meaningful cybersecurity risk scores using various sources, some of which are directly obtained from public records (thus not included in the Data module). It includes:

  • Threat Actors, which provides a threat indicator for different adversaries, sourced from the Electronic Transactions Development Agency (ETDA), evaluating their capability, intent, and activity. Users can generate the indicator dynamically based on entities collected in the Victim Profile dataset, comparing multiple organizations or defining one through input parameters.

  • Attractiveness, a Machine Learning (ML) based score predicting an organization's likelihood of experiencing a cybersecurity incident based on its public-facing characteristics. Users can run the model on dataset entities or define a fictitious organization for evaluation.

  • CVE2TTs, an ML model that links CVEs to MITRE ATT&CK techniques and, consequently, also to tactics.


Models CRQ Module

The Models CRQ module implements advanced simulation models to quantify cybersecurity risk for an organization, utilizing previously analyzed data and indicators. The unit of analysis can be companies in the Victim Profile dataset or a fictitious entity defined through required inputs for each model.

 

Other features and future work

The app's structure encourages a logical progression: users start with Data, derive Indicators, and finally, leverage these insights in Models CRQ for comprehensive risk quantification. This seamless navigation ensures that cybersecurity professionals can effectively analyze, assess, and act upon relevant risk factors.

Additionally, the platform incorporates AI-based explanations that interpret visualized graphs and datasets for users, enhancing accessibility and comprehension—though we will explore this feature in a separate post.

Work is underway on the Models CRQ module, adding simulations that leverage previous data and indicators. Additionally, efforts are being made to generate customized reports for the companies analyzed, incorporating data, information, and AI-generated explanations.