Prof. ir. Christophe Huygens
Christophe is a consultant, an academic and an entrepreneur. He teaches Internet Security at K.U. Leuven. His research interests include methods and metrics for quantification of policy compliance, assurance processes, policy enforcement and assurance strategies, and security of sensor networks.
He co-founded Ubizen and served as its CTO.
As a consultant, Christophe helps clients with operational risk management as well as security and large-scale monitoring problems.
Software security: business risk
Secure application development is not a stand-alone activity: it relates to other activities in the field of security, ICT and our business objectives. In this section we zip through this business ecosystem.
We look at risk as an integral part of doing business: what are the various dimensions of risk, how can we handle them, and how important is development risk in this overall picture? Zooming in on this may clarify why development risks have received little attention.
Next we look at how to quantify some of the risks involved, with examples from the financial industry. We try to measure security for ICT systems and present the metrics approach by looking at some metrics for secure application development. The talk reports on recent research findings and trends in this field.
Then we move to the perspective of our adversary: how much money can be made by exploiting software? How much is my personal financial data worth on the black market? This gives some idea of the resources our adversary has available.