TBSE (Threat-Based Security Engineering) is a scientific method I have developed for stochastically analysing the dynamics and interactions that lead to security risk. TBSE gives us a way to quantify security risks, and the components involved in creating them, in absolute terms rather than purely relative ones (£, $ and € rather than High/Medium/Low).
A scientific method such as TBSE can transform the way Cyber Security is practised. Risk managers could:
Some people, when looking at TBSE for the first time, have commented that it reminded them of the Lockheed Martin Cyber Kill Chain (CKC). TBSE is nothing like the CKC. The CKC is a framework for organising security defences; TBSE is a set of methods for quantifying security risk. Any similarity between TBSE’s Threat Pathway and the CKC 7-step attack chain is only superficial, and TBSE provides the defender with a far wider range of capabilities than the CKC sets out to provide.
TBSE has been reviewed by Imperial College London as part of their work for the NCSC so they can understand its underlying paradigm and concepts, and form a view of its suitability for a range of security risk quantification purposes. Following their review, I am in the process of developing a technical paper describing TBSE in full detail that will be published in due course. It is not a short paper, and it is still in draft, so I can’t make it available here yet. In the meantime, I have written a much shorter 'slightly technical' description that explains what TBSE brings that is new and how people in charge of delivering security within an organisation could use it. You can read that here, or download it as a PDF document here.
I would be happy to discuss any aspect of TBSE with you if you are interested to know more. Please get in touch. Email me at email@example.com or call 07734 311567 (+44 7734 311567).