
TIGIR's Origin: The Research Philosophy
Security, especially cyber security, has been in a prolonged transition stage. For decades we have been using the same threat risk methodologies and the same means to calculate impacts and costs associated with the loss, disruption, damage and sabotage to IT systems as well as others.
With cyber in particular we have seen threats not only evolve in their technological sophistication but also in their asymmetry, where they now leverage various domains - social engineering for information, physical security, access credentials, data manipulation - along with technology to meet their agenda.
TIGIR was born after 15 years of doing the same thing over and over and getting the same deficient results: breaches. But we continued to perform Security Assessment and Authorization (SA&A) and Threat Risk Assessments (TRAs) the ‘old way’ – manually. Then we would arbitrarily purchase technological safeguards to plug the holes and fill the gaps. There had to be a better way.
There wasn't much out there and most practitioners didn't acknowledge that were was much of a problem. So, I began to write better methods to meet the needs of the current threat climate, evolving to the TIGIR methodology.
After, I functionalized the methods and wrote a comprehensive algorithm, now patented, that could calculate all of the risk values government and business needs – and TIGIR was born. After some betas, prototypes and pilots, we’re now moving to market, getting the word out and solving a big problem with logic and consistent assessment.
Marrying multiple standards and tracking and monitoring of assessments were key, but so was tracking security incidents on assessed assets to understand what controls were working and what ones weren’t. Currently, much of the data gathering from security breaches stops short of analysis, little intelligence is collected, even less is shared.
For that reason, every assessment performed in TIGIR allows for detailed breach reporting that collects information using a reverse engineered forensic framework. The more breach reports that created, the more effective security controls become with the added value of attribution.
So that’s TIGIR 1.0 – and we can’t wait to release TIGIR 2.0, a full service supply chain security software built around TIGIR’s original risk functions.
VALARIE FINDLAY, CHIEF EXECUTIVE OFFICER and CHIEF SCIENTIST
Dr. Valarie Findlay has three decades of senior expertise in Canadian and US government. She has managed and participated in the transformation of mission critical systems, developed cyber security strategies and frameworks to meet data, resource and system requirements and identified capabilities and methodologies to deliver counter-measures aligned with departmental security strategies. She has a doctorate in social science focusing on ideological violence and social change and also has a Masters in Terrorism Studies (International Relations, University of St. Andrew's), and a Masters in Sociology University of Leicester).
TIGIR’s US and Canadian patent was filed in 2015, and development proceeded on the beta and prototype, garnering positive reviews and user acceptance. The full version is about to be release in early 2022. The US patent was issued in 2020 and the Canadian patent is in examinations. A continuation has also been filed to extend and protect the IP.
Through her extensive network as a member of the Canadian Assoc. Chiefs of Police/CATA, eCrime Cyber Council, the American Society for Evidence-Based Policing (ASEBP), AFCEA Cyber Committee (Washington DC) and as a research fellow with the National Police Foundation, her software solution has received positive feedback.