Skip to main content

Novae and the University of Oxford’s white paper highlights deficiencies in cybersecurity controls


Following a launch event held on 21 February 2017 in The Old Library, Lloyd’s of London, a new white paper has been released, concluding that cybersecurity standards are often not backed up by objective, empirical research, and that they therefore cannot be shown to have quantifiable benefits. The paper titled ‘The relative effectiveness of widely used risk controls and the real value of compliance’ has been published to disseminate the findings of the second phase of a collaborative research programme, sponsored and funded by Novae Group, which draws upon the expertise of academics at the University of Oxford both in the Department of Computer Science (Professor Sadie Creese, Professor Michael Goldsmith, Dr Ioannis Agrafiotis and Dr Jason R.C. Nurse) and at the Saïd Business School (Professor David Upton).

Professor Sadie Creese commented: “Instead of simply working to comply with standards, organisations must look carefully at the vulnerabilities inherent in the assets that they want to protect. Cyber-attackers are creative and aggressive. Both the changing threat and the attack-surface of an organization must be modelled in order to ensure that cyber-controls offer adequate protection from harm.” 

Read more: