SPHINX User Interface Functional Requirements & Guidelines: Real-Time Cyber Risk Assessment

The SPHINX System interacts with the user in order to develop cyber awareness concerning risks, vulnerabilities and incidents within the  IT  network and connected devices. Moreover,  it allows the user to perform vulnerability assessment and certification of devices.  In this regard,  the user interface needs to be designed according to the user’s needs and expectations to ensure the utility of SPHINX.

Continue from Part V.

Real-Time Cyber Risk Assessment (RCRA)

Risk assessment relies, directly or indirectly (through SIEM and DSS components), on structured data originating from the Information Domain (vulnerability assessment results, threat signatures logged by DTM and HP, and detection logs provided by SIEM), along with input from AI agents (AD, MLID) that act as intermediary knowledge extractors. Such knowledge, in conjunction with external sources, serve as a starting point for the initiation of the real-time risk assessment workflow which constantly needs to be “aware” of materialised threats, vulnerable IT assets, and the connections amongst them. Given that the visibility of the overall IT assets estate is related to the prompt identification and response to cybersecurity incidents, an Asset Repository sub-module is utilised which is dynamically notified regarding the entities connected to the network, by the DTM component.

As outputs, RCRA provides Risk assessment reports which are distinguished into two different types. Reports that have been produced because of an incident notification and general reports that are mostly aimed at giving an assessment of the possibility of occurrence of a threat.

At any time, users can navigate to the various dashboards that are offered by the RCRA.

In the Risk-Objective Dashboard presented below, users can go over the risk assessment results. Should any value exceed the specified level, shall appear highlighted.

Users can overview the whole history of produced risk assessment report in the Risk Report panel as follows:

Users can browse this list and access the detailed view of each report (as shown in the next snapshot), in which specific information about the posterior probabilities of potential objective states, the utility nodes and the utility of the decision nodes is presented.

In addition to the risk related dashboard, in order to have a quick glance on assets, threats and vulnerabilities, RCRA component provides a complimentary set of dashboards.

The next pair of snapshots depict the Asset Dashboard, wherein users could see a summary of the recorded assets within the SPHINX ecosystem. Visualisation includes asset categorisation based on their type, the overall ownership status and the number of business functions each asset supports.

Next, the two snapshots below present the Threats Dashboard where general information about threats can be found. These charts present information about the number of high likelihood threats against each asset type, the threats with the higher calculated likelihood, etc.

Finally, the following snapshot shows the Vulnerability Dashboard which presents information about the vulnerabilities affecting the assets in the system. Specifically, details about the allocation of vulnerabilities between the asset organised by the asset types, most occurring vulnerabilities, most specific assets with vulnerabilities and historic data, are provided.

More information about the Functional Requirements and Guidelines of the Real-time Cyber Risk Assessment and the SPHINX Toolkit can be found in Deliverable 2.10 that is publicly available here.