University of Piraeus Research Center participated at the kick-off meeting of the SECONDO project which is a Marie Skłodowska-Curie Action. UPRC will participate and will be the project coordinator as well as the technical and innovation coordinator. UPRC will take advantage of the exchange program to perform joint processing and publications where possible. The staff of UPRC will publish the project results in top-level scientific journals and conferences aiming at increasing the understanding of the research community about security economics, establishing UPRC’s position as a regional center of excellence in relevant activities.
The SECONDO is a project that proposes a unique, scalable, highly interoperable Economics of Security as a Service (ESaaS) platform and aims to estimate cyber risks based on a quantitative approach that focuses on both technical and non-technical aspects that influence cyber exposure. Moreover, it provides an analysis of effective and efficient risk management by recommending optimal investments in cybersecurity controls. Also, it determines the residual risks and estimates the cyber insurance premiums considering the insurer’s business strategy, while eliminates the information asymmetry between the insured and insurer.
The platform will deliver a risk management platform for enterprises of various sizes, with respect to the General Data Protection Regulation (GDPR) framework, enabling formal and verifiable methodologies for insurers that require estimating premiums. SECONDO fosters the fruitful collaboration of academia and industry targeting at developing an innovative platform of security economics and aims to bridge the fundamental gap between academic (i.e. more theoretical and fundamental) and industrial research (i.e. more system-specific and devoted to solutions that can be implemented in real-life scenarios).
SECONDO focuses on endorsing the collaboration among experts in i) designing advanced methodologies for data analysis for risk management, and ii) implementing advanced modular software that combines modules for decisions on cyber security investments and cyber insurance. To this end, it is vital that the industrial beneficiaries transfer their deep know-how on the development of software products and data analysis platforms, tailored to real enterprise scenarios.