Research Fellows: Manos Panaousis
The MERIT addresses the challenge of how to take better cyber security investment decisions. It aims at minimising cyber security risks by optimally investing its budget for cyber controls. In a multi-disciplinary approach, itutilises both economics and cybersecurity engineering insights to significantly extend the state-of-the-art in decision support for cybersecurity spending. It combines econometrics, game theory, mathematical optimisation and cyber security engineering concepts.
MERIT is addressing the complete cyber security management lifecycle, including asset pricing, threat-based risk assessment and optimal risk control constrained by a financial budget. The value of MERIT to practitioners is to increase the effectiveness of cyber security budget spending as decided by Chief Information Security Officers (CISOs) and boards of directors. This effectiveness refers to both time to make a decision as well as financial savings.