TIGIR's Origin: The Research Philosophy
Security, especially cyber security, has been in a prolonged transition stage. For decades we have been using the same threat risk methodologies and the same means to calculate impacts and costs associated with the loss, disruption, damage and sabotage to IT systems as well as others.
With cyber in particular we have seen threats not only evolve in their technological sophistication but also in their asymmetry, where they now leverage various domains - social engineering for information, physical security, access credentials, data manipulation - along with technology to meet their agenda.
TIGIR was born after 15 years of doing the same thing over and over and getting the same deficient results: breaches. But we continued to perform Security Assessment and Authorization (SA&A) and Threat Risk Assessments (TRAs) the ‘old way’ – manually. Then we would arbitrarily purchase technological safeguards to plug the holes and fill the gaps. There had to be a better way.
There wasn't much out there and most practitioners didn't acknowledge that were was much of a problem. So, I began to write better methods to meet the needs of the current threat climate, evolving to the TIGIR methodology.
After, I functionalized the methods and wrote a comprehensive algorithm, now patented, that could calculate all of the risk values government and business needs – and TIGIR was born. After some betas, prototypes and pilots, we’re now moving to market, getting the word out and solving a big problem with logic and consistent assessment.
Marrying multiple standards and tracking and monitoring of assessments were key, but so was tracking security incidents on assessed assets to understand what controls were working and what ones weren’t. Currently, much of the data gathering from security breaches stops short of analysis, little intelligence is collected, even less is shared.
For that reason, every assessment performed in TIGIR allows for detailed breach reporting that collects information using a reverse engineered forensic framework. The more breach reports that created, the more effective security controls become with the added value of attribution.
So that’s TIGIR 1.0 – and we can’t wait to release TIGIR 2.0, a full service supply chain security software built around TIGIR’s original risk functions.
VALARIE FINDLAY, CHIEF EXECUTIVE OFFICER and CHIEF SCIENTIST
Professionally, Valarie has over twenty years in national security, intelligence and threat analysis for US and Canadian governments. From this experience, she developed the methodology and functionality for TIGIR to meet a growing risk assessment and compliance need in public and private sector.
Born in Ottawa, Canada, Valarie has a Masters in Terrorism Studies, a Masters in Sociology and is currently writing her doctoral thesis on terrorism as a social phenomenon. She is also a member of IALEIA, CAPIA and several other intelligence and cyber-related committees.
TIGIR’s US and Canadian patent was filed in 2015, and development proceeded on the beta and prototype, garnering positive reviews and user acceptance. The full version is about to be release in early 2022. The US patent was issued in 2020 and the Canadian patent is in examinations. A continuation has also been filed to extend and protect the IP.
Through her extensive network as a member of the Canadian Assoc. Chiefs of Police/CATA, eCrime Cyber Council, the American Society for Evidence-Based Policing (ASEBP), AFCEA Cyber Committee (Washington DC) and as a research fellow with the National Police Foundation, her software solution has received positive feedback.