TBSE (Threat-Based Security Engineering) is a scientific method I have developed for analysing stochastically the dynamics and interactions that lead to security risk. TBSE enables me to quantify security risks, and the components that are involved in the creation of security risk, in absolute terms rather than purely relatively (£, $ and € rather than High/Medium/Low).
A scientific method such as TBSE can transform the way Cyber Security is practised. Risk managers could:
Some people, when looking at TBSE for the first time, commented that it reminded them of the Lockheed Martin Cyber Kill Chain (CKC). TBSE is nothing like the CKC. The CKC is a framework for organising security defences, TBSE is a set of methods for quantifying security risk. Any similarity between TBSE’s Threat Pathway and the CKC 7-step attack chain is only superficial, and TBSE provides the defender with a far wider range of capabilities than the CKC tries to do.
TBSE has been reviewed by Imperial College London as part of their work for the NCSC so they can understand its underlying paradigm and concepts, assess its analytical strengths and weaknesses, form a view of its capabilities, and determine its suitability for a range of security risk quantification purposes. If you would like to know more about that review and to take advantage of what TBSE can do for you, please get in touch. Email me at firstname.lastname@example.org or call 07734 311567 (+44 7734 311567).