Thought Leadership in Risk Assessment and Cyber Security
WCK is at the vanguard in the fields of risk assessment and cyber security. The company actively participates in and contributes to leading international committees and research projects on topics such as:
- Critical Infrastructure Protection (CIP) – focusing on protecting the vital infrastructure we all rely on such as electricity, water and gas from cyber attacks;
- Decision-support methods and tools for senior decision-makers to understand the cost of security breaches and the actual business value of security investments and activities.
WCK EESA™: An Improved Risk Assessment Model
WCK’s unique End-to-End Security Assessment (EESA™) methodology provides an end-to-end view of an organization’s risk. This comprehensive risk assessment process helps expose hidden vulnerabilities by understanding how risk cascades throughout an organization. These abilities are vitally important in today’s cyber age.
WCK’s risk assessment process has been acknowledged by major security agencies and research bodies as an essential enhancement to security standards such as ISO 2700X and NIST 800-53. EESA™ has been selected as a leading risk assessment methodology by the Assessment of Critical Infrastructure Protection (ACIP) project, the Center for European Policy Studies (CEPS) and the European Network and Information Security Agency (ENISA).
EESA™ is the risk assessment framework for the WCK GRC software platform.
Mr. Eyal Adar, WCK’s founder and CEO, is a prominent researcher in the fields of GRC, IT security, risk management and CIP (Critical Infrastructure Protection). In the last 11 years, Mr. Adar has played a key role in diverse international research projects.
Mr. Adar’s international contribution started in 2002. As a result of the terrorist attacks of Sept 11, the first European ACIP research project was initiated with the aim of defining a European research road-map of risk assessment methodologies. He was also a member of the first European delegation that collaborated with the American National Science Foundation (NSF) in this area.
Mr. Adar developed the EESA™ risk assessment model as a result of the challenges and needs he faced during his participation in these research activities.
A selected list of relevant research activities:
- 2013 – 2014: New Smart Grid Taskforce at CEPS, the Center for European Policy Studies, serving as the strategic think tank for the EU.
- 2011-2014: WCK is a member of the European Commission’s “ValueSec” research project, which aims to provide strategic decision makers with decision support methods and tool-sets to analyze the value of security (Project’s site). WCK is the lead for the tool-set and is leading the use-case for Risk Management for Energy companies.
- 2011: WCK is a member of the European Information Security Agency’s (ENISA) workgroup on the “Economics of Security”. WCK collaborated with TUV (Germany) in the area of “IT Security Risk Management for Business Processes” (Report, see page 26)
- 2010: WCK is a member of the Center for European Policy Studies’ (CEPS) Task Force on “Protecting Critical Infrastructure in The EU”. In the Task Force’s report, EESA™ is recommended as an example risk assessment framework for European countries (Report, see page 63)
- 2005-2009: Mr. Adar was one of the co-editors of the European CIIP Newsletter that served the research community in Europe and covered the leading European CIIP research projects (Newsletter, volumes 1-5)
- 2006-2007: Mr. Adar was the leader of the Security Risk Assessment Initiative (SRMI), which defined Risk Management research needs as part of the European Security Task Force and took part in the preparations for the “Final ICT Security & Dependability Research Strategy Beyond 2010” (Document)
- 2003-2005: Mr. Adar was a member of the Israeli delegation to the UN’s World Summit on the Information Society (WSIS), where CIP issues were discussed.
- 2003: The preliminary version of EESA was presented at the first CIP conference in Germany, with Professor Heinz Thielmann, the CEO of the Fraunhofer Security Institute in Germany (SIT) (Report, page 172)
- 2002: Mr. Adar was a member of the European delegation to the first EU/US collaboration workshop with the National Science Foundation (NSF) for CIP, where he presented the challenges of Security Risk Assessment (Report, see page 15)
- 2002: Mr. Adar was a member of the European ACIP project, the first CIP research project in Europe that was initiated as a result of Sept 11. The role of the project was to set the European research roadmap in the area of CIP Risk Assessment and simulation methods (Project’s description in the European IST Research Site)
A Selected List of Publications and Key Note Presentations about Risk Management, WCK and EESA™:
- 2011: The Business Process Risk Management article was published in ENISA’s Report on the “Economics of Security”, written with Mr. Ralf Schneider from TÜV Informationstechnik GmbH (Report and Presentation)
- 2010: EESA was recommended in the Center for European Policy Studies (CEPS) report on “Critical Infrastructure Protection in the EU” (Report)
- 2006: WCK was presented in an article written by Mr. Adar and Prof. Gwendal Le Grand from ENST France at the International Workshop on Complex Network and Infrastructure Protection (CNIP) in Italy, 2006 (Article and Presentation)
- 2005: WCK was featured in an article at the First IEEE Workshop on Critical Infrastructure Protection, Darmstadt.
- 2005: WCK was presented at the United Nations’ World Summit on the Information Society (WSIS) conference in Tunis. The presentation is available at the Israeli Ministry of Foreign Affairs website, under “e-future of Israel”
- 2003: An article about EESA was published in the first German Informatics Society (GI) workshop on CIP in Frankfurt a.M., written with Professor Heinz Thielmann, president of the Fraunhofer – SIT Institute in Darmstadt (Article)
- Book: “Applied Technology Integration in Governmental Organizations”, Vishanth Weerakkody, Hershey, PA 2011, p159 (Google book)
- Book: Computer Safety, Reliability, and Security, Janusz Górski, Springer 2006, p319 (Google book)