You are here

SBIR Phase I:Enterprise Cyber Security Scoring

Award Information
Agency: National Science Foundation
Branch: N/A
Contract: 1013603
Agency Tracking Number: 1013603
Amount: $150,000.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: IC
Solicitation Number: NSF 09-609
Timeline
Solicitation Year: 2010
Award Year: 2010
Award Start Date (Proposal Award Date): N/A
Award End Date (Contract End Date): N/A
Small Business Information
738 Main St PMB 398
Waltham, MA 02451
United States
DUNS: 008944107
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Stephen Boyer
 PhD
 (978) 821-4273
 sboyer@mit.edu
Business Contact
 Stephen Boyer
Title: PhD
Phone: (978) 821-4273
Email: sboyer@mit.edu
Research Institution
N/A
Abstract

This Small Business Innovation Research (SBIR) Phase I project addresses the challenges of risk management between businesses engaged in cyber-related business relationships. When businesses establish network or other cyber-related connections, they are sometimes poorly informed about the potential risk that they assume. Businesses typically rely on costly and time consuming cyber security audits to inform them about the potential cyber and ensuing business risk of the relationship. The solutions that exist today are inefficient and have yet to properly address the industry's need for a reliable and inexpensive means of assessing the cyber security risk incurred through a particular business relationship. CyberAnalytix's objective is to produce a cyber security score. Businesses would use the cyber security score to inform cyber related business decisions such as outsourcing, vendor IT relationships, and compliance. The Phase I research objective is to develop a scoring methodology that is credible, predictive, scalable and principally automatable. CyberAnalytix anticipates developing the scoring methodology as well as testing the methodology on a small set of business entities to evaluate whether the methodology and resulting score meet the prescribed objective characteristics.
Historically credit scoring has been a cost- and time-saving technology that has provided tremendous value to lenders and borrowers alike by helping to reduce cost, predict future loan performance, and to improve credit accessibility and affordability. Unlike credit scoring, no industry standard scoring service exists to rate business with respect to their cyber security risk. There is an opportunity to address a costly and inefficient industry pain point and have a broad economic impact. The need for cost effective, high-quality, and reliable business cyber security scoring will continue to increase as more services are network enabled, outsourced, or accessed through the network "cloud." If this effort were to succeed, businesses would reap the same time and cost savings that lenders do from credit scoring services from credit bureaus. The scoring methodology will enable businesses to make better, more informed, data-driven decisions about business risk in the cyber security and broader business context.

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government