Institute to focus on understanding the overall security of organisations, including their constituent technology, people and processes. It is now in its second phase.

RISCS2 will have three annual community meetings plus an academic conference shared with its siblings, the UK Research Institute in Verified Trustworthy Software Systems (VeTSS), led by Philippa Gardner (Imperial), the Research Institute in Trustworthy Industrial Control Systems (RITICS), led by Chris Hankin (Imperial) and the Research Institute in Secure Hardware and Embedded Systems (RISE) led by Maire O’Neill.

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cyber security as a science. It collects evidence about what degree of risk mitigation can be achieved through a particular method – not just the costs of its introduction, but ongoing costs such as the impact on productivity – so that the total cost of ownership can be balanced against the risk mitigation that’s been achieved. Its main goal is to move security from common, established practice to an evidence base, the same way it happened in medicine.

The institute is managed by the RISCS Management team based at University College London.