Model-based assurance of security controls

We present an innovative way to assess the effectiveness of security controls where measurable aspects of controls are first captured in models and then the models are used to analyze the security data gathered from the IT environment. The aim is to lift the risk and security control assessment lifecycle from a series of people based processes to one where model based technology enhances and automates the process.