Threat-Oriented Cyber Resilience: Balancing Risk and Reward Through Prevention, Detection, and Mitigation

Establishing a cybersecurity program framed through preventive, detective, and responsive measures requires navigating numerous practices, models, and solutions. A risk-based perspective abandons a one-size-fits-all approach, where a specific set of security controls is considered optimal for any scenario. Instead, efforts are focused on assets that are sensitive to attacks. The conceptual frame for running a cyber risk program is well-established, and multiple methodologies, frameworks, and standards exist. Implementing such practices is nevertheless challenging, and numerous limitations exist in practice.

This PhD thesis considers those challenges within a risk-based security program as research opportunities. Through a set of design studies, novel solutions are proposed and evaluated in the context of specific challenges in prevention, detection, and response. To prevent risks, the proposed threat modeling solutions leverage visual architectural modeling to address the role of collaboration, the significance of insider attacks, and the emergence of AI-related attacks. In addition, the problem of quantification is addressed through solutions exploiting continuity measures. The results indicate improved effectiveness and efficiency in those problem domains while acknowledging and raising attention to underlying limitations, such as the lack of data available or the infeasibility of achieving full automation. Detection and response are considered closely related practices, and novel solutions are proposed to gather attack data and use it in the scope of proactive and reactive defense against sets of threats. Testing the developed solutions attests to the viability of both defense paradigms while being closely coupled to the specific attack and defense scenarios.