Cyber Risk and Resilience Management Research

Our work includes various research areas. The projects that support these research areas typically include work with other organizations. You may be a candidate for working with our researchers. If you are interested, please contact us.

Modeling the Economics of Cybersecurity

We work with key industry, government, and academic partners to help organizations methodically determine how to prioritize and optimize their security spending to achieve the most cost efficient risk mitigation.

Cyber Risk Insurance

We work with a wide range of stakeholders in the cyber risk insurance industry to develop sophisticated methods for gauging the cyber risk exposure of potentially insured organizations by combining threat profile information with an assessment of the maturity of the organization's security capabilities.

Cybersecurity Governance

We work with a range of industry collaborators to assess the state of cybersecurity governance. From this assessment of the current state and building on foundational work in CERT-RMM, we are developing implementation guidance for raising cybersecurity to an enterprise governance level.

Cybersecurity Assurance

Our Cybersecurity Assurance Research empowers organizations to gain justified confidence in their cybersecurity posture by developing techniques to evaluate the fundamental processes required to manage operational risk and technical safeguards that surround your most important assets.

Resilience Measurement and Analysis

Our Resilience Measurement and Analysis research identifies measures and analysis that can be used to evaluate the effectiveness of resilience efforts in an organization.

Supply Chain Risk Management

Our Supply Chain Risk Management research helps government and private industry manage their external dependency risks.