Towards Automated Information Gathering and Processing for Cyber Risk Assessment

During the past decades, technology quickly took a predominant role within the architecture of organizations and enterprises of all sizes and purposes. From public relations to business functions, information systems are employed to simplify tasks and optimize workloads. However, with great benefits also come significant disadvantages: exposure to cyber threats and cyber risk. In a world where cyber attacks could easily disrupt companies and damage stakeholders, the precise evaluation of the cyber risk factor is crucial, both for companies desiring to mitigate their risk and for insurance providers. The risk analysis process is costly and time-consuming, requiring particular efforts for information gathering and the consequent processing of it. Starting from such premises, the work in this Thesis aims to explore diverse approaches to collecting risk-related information from multiple sources. Particular attention is given to the offensive point of view, the attacker’s perspective with its techniques, tactics, and procedures for gathering information about their targets. The research started with analyzing industry-level standards for cyber security and cyber risk management to extrapolate what information can be considered significant under the cyber risk assessment perspective and how such knowledge can be collected. The focus is then shifted to the attacker’s point of view, and different offensive tools are evaluated to understand the risk-related information they can produce. Additionally, different strategies for enhancing such data are studied, producing interesting results in the scope of data classification. As a final result, an automated framework for cyber risk knowledge collection, processing, and enrichment is built upon the outcomes of the research’s previous portions. By employing forward reasoning on starter chunks of information, the framework can programmatically collect new data based on previously defined rules and produce novel knowledge based on the gathered one. Lastly, ideas for further work are presented through extensions of the framework with new collection techniques, additional sources of information, and additional machine learning-assisted methods for data enrichment.