; Application details
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

Application details

VIEWS: 23 PAGES: 17

  • pg 1
									URN 06/2059

Restricted - Commercial

SUCCEEDING THROUGH INNOVATION

Human Vulnerability in Network Security Full Stage Application Form

Application details
Notes on completion of this Form
This Form should only be completed by applicants for funding for the Full Project Stage of the Human Vulnerability in Network Security Innovation Platform. Note that applicants must also submit a Feasibility Study Report and each partner must submit an appropriate Finance Form. Before completing this Form, please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document. This contains specific guidance for completing each field of this Form. The text entry areas within this form are fixed sizes. Applicants must ensure that their content is contained within the boundaries of the text areas. Any content entered which is not visible on the form will not be passed to the assessors of the application. The typeface, font size and colour for the text entry areas are predetermined and must not be changed. Technology priority

Human Vulnerability in Network Security
Reference code

BASS2B
Project title

Trust Economics
Lead organisation name

Hewlett-Packard Ltd
Document ID (to be completed by DTI, not applicants)

NSPFullP0007E.doc
Competition for Funding reference (to be completed by DTI, not applicants)

TP/7/NSP/6/S/P0007E

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 2 of 17

Annexes
Applicants must submit the following three Annexes with their Full Stage Application Form. You should refer to the Annex Requirements in Section 3.6 of the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for guidance on what information should be provided in each annex.
Annex A: (up to two sides of A4) - This should be used to provide additional information to address Question 1: What technical approach will be adopted and how will the project be managed? Annex B: (up to five sides of A4) - This should be used to provide supporting information on your application as appropriate, for example a detailed plan for the full project and for delivering project benefits and diffusion, including identified work packages, milestones, deliverables and accountabilities.. It may also be used to provide supporting information for Question 8: What are the risks (technical, commercial and environmental) to project success? How will the business strategy of the consortium, the technical approach and project management help to mitigate these risks? Annex C: (half a side of A4 for each partner / sub contractor) - This should be used to provide details of the specific expertise and track record of each consortium partner and the main subcontractors to address Question 3: Does the consortium have the right skills and experience to deliver the identified benefits? So that the assessors of your Application are able to open and read the Annexes to assess them, each Annex must be: submitted as a single file in one of the following formats: MS-Word (.doc), MS-Excel (.xls), MS-PowerPoint (.ppt) or Portable Document Format (.pdf); legible at 100% zoom / magnification; display prominently the „Project title‟ as entered on page 1 of this Form; submitted online with this Application Form; named exactly as indicated in the table below.

Annexes may be printed or photocopied in black and white so colour should not be used as the sole method of conveying important information.
Confirm that you are submitting three Annexes with this application Y/N No

Note: if you do not submit all three annexes then your application may be rejected. Each Annex File must be named exactly as indicated in the table below where XXXXXX is your 6-character Technology Programme (TP) Number. When you attempt to upload your files the system will reject any files with incorrect filenames. Description of Annex Annex A Annex B Annex C Name of Annex file AnnexA_XXXXXX.doc or .xls or .ppt or .pdf AnnexB_XXXXXX.doc or .xls or .ppt or .pdf AnnexC_XXXXXX.doc or .xls or .ppt or .pdf

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 3 of 17

Standard Offer Letter
All the consortium partners confirm that they have read the terms of the standard Technology Programme Offer Letter

Yes

Project Timescales
Details of the requirements of project start date and project duration are provided in Section 1.3 of the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document. Estimated project start date

01 April 2008
Project duration (months)

36 months

Abstract of Proposed Project
Senior managers with responsibility for information and systems security face two problems: poor economic understanding of how to formulate, resource, and value security policies; and poor organizational understanding of the attitudes of users to systems security and of their responses to imposed security policies. Consequently, the effectiveness and value of the policies with which users are expected to comply are very difficult to assess. In order to assess the effectiveness and value of security investments in a system, be they in people, process, or technology, it is necessary to have a conceptualization, i.e., a model, of the system and its economic environment. We propose to explore, develop, and apply a predictive modelling framework within which the effectiveness and value of the security policies that regulate the interaction between humans and information systems can be assessed.

Sub-Area(s) Within Technology Priority Area
Please indicate which sub-area(s) within the technology priority will be addressed by your project.
Establishing effective security cultures Employee risk assessment 

Yes Yes

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 4 of 17

Gateway Questions
Please refer to Section 3.5 of the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific information required for each of these questions. Note that if your application does not meet the specific requirements of both of the questions below your application will be rejected. Does the application align with the specific technology priority?

In order to assess the effectiveness and value of security investments in an ICT system, be they in people, process, or technology, it is necessary to have a conceptualization, i.e., a model, of the system and its economic environment. To be of value, such a conceptualization must be accessible to senior managers as well as their technical advisers. It should also be possible to make transparent the decsiion processes employed. Thus we will address both of the sub-areas of the Call: • Establishing effective security cultures: By modelling the behavioural consequences of choices of policies, we will seek to establish mechanisms for selecting those choices that promote more effective ‘cultures’. For example, by providing security systems designers, engineers, and managers with the tools and techniques to quantify decisions, better understood and more justifiably trusted systems can be built, and by better managing the burden on users; and • Employee risk assessment: By establishing mechanisms for assessing the consequences, relative to a given security posture, of particular patterns of behaviour, we will be able to provide a framework within which the profile of an employee/user or group of employees/users may be used to assess the possible security implications of particular choices of policies and protocols.
Does the Technology Programme funding add value?

The UK is at the forefront of bringing together industrial, academic and governmental insights, requirements and solutions in cyber security. TSB funding will accelerate capitalising on this emerging UK community to deliver business benefit ahead of increasing international attention, and will allow the area to be pursued in an open standards way. The feasibility study has demonstrated that the particular combination of skills proposed is necessary to deliver a programme based on rigorous modelling addressing the aims of the call and delivering business value. Without funding it would not be possible to bring together these necessary skills. Corporate investment will clearly depend on the size of the opportunity, but this remains difficult to quantify since we estimate that this research is still more than 5 years from market. The feasibility study has demonstrated that the methodology of combining these different modelling techniques is viable. Money claimed by HP against existing staff for this project will be used to hire additional interns. More specifically, support for this project from TSB will significantly increase the resources devoted to this topic by HP Labs: the access obtained to expertise in HCI and Economics (etc) provided will enable its viability on scale that would be difficult to justify at this time. Merrill Lynch would not be able engage with this research in the absence of a funded consortium of the kind we propose. Finally, a successful project will lead to substantial consulting opportunities for the universities and companies involved, resulting in substantial market development and associated employment opportunities.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 5 of 17

Criterion 1
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

The UK’s capacity to develop and exploit the technology
3 pages maximum (Page 1 of 3)

The UK demonstrates strong leadership in cybersecurity, with clear international recognition for: introducing standards (e.g., BS7799); education (e.g., Royal Holloway's long standing MSc); professionalism (e.g., Institute of Information Security Professionals); cross industry, academia and government collaboration and sense of community (building on the Foresight CTCP project and recently formed DTI KTN); strong security practices amongst many UK-led companies; and innovation (strong start up presence at Infosec, the leading European information security tradeshow). We believe these factors make the UK ideal for developing and then introducing a more scientific and rigorous approach to establishing and measuring effective corporate security policies and understanding how those policies interact with the rest of the ICT environment. We also believe that success can rapidly be capitalized upon internationally. Threats to organizational value can be understood in terms of the impact of an exploit of a threat upon the systems that support the operation of the organization. For one example, impaired availability of a website may be achieved by an attack (of some form) on a server holding product availability database supporting online sales. For another, the loss of clients’ private data may be caused by the removal of storage media from a call centre, facilitated by inadequate screening of staff on exit. An organization’s CI(S)O is faced with the task of deploying his resources in order to meet the perceived threats, such as the examples mentioned above, to the organization’s value. Established investment modelling tools, such as NPV, Real Options Analysis, and in the context of information security, ALE or GLEIS, provide decision-support of some value for questions about (essentially) fixed systems in highly predictable environments. 1. What technical approach will be adopted and how will the project be managed? See the report on the Feasibility Study, AnnexA, and Annex B for details. Here is a brief summary. We believe that a rigorous understanding of the behaviour of the users of a system (network), together with the economic value of the systems security measures, can be captured within an extension of some established (mathematical) systems modelling techniques. To this end, we describe the conceptual framework within which we are pursuing a study of the economics of information security policies, protocols, and investments. Our perspective is one of ‘systems thinking’ [S96, NO99] and, critically, our aim is to seek to integrate the following three perspectives: • Modelling the behaviour of the users of systems, both internal (operators, staff) and external (customers, regulators), in the context of security policies and protocols; • Mathematical modelling of systems, organizations, and networks, including the security policies and protocols which govern access; • Economic modelling of the costs and value of security policies and values.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 6 of 17

Criterion 1 (continued)
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

The UK’s capacity to develop and exploit the technology (continued)
3 pages maximum (Page 2 of 3)

The main challenge is to understand how to integrate effectively two different approaches to modelling; that is, to extend the mathematical modelling of technological aspects of a system to encompass the users of the system and to integrate economic models as valuation methods. Mathematical systems modelling (see, for example [Demos2k], [PT06], [PT07]) uses methods drawn from algebra, logic, computation theory, and probability theory; User modelling uses psychological (e.g., cognitive architectural and knowledge models) model based on our understanding of human memory. Embedded user models (those held by systems representing characteristics of users) often rely on statistical methods. Assessing the validity of such models requires empirical study, either in the form of field or ethnographic studies, and/or experimentation, with datainterpretation informed by the participants themselves. Our methods will be those of classical applied mathematical modelling and experimental (social) science as a basis for systems engineering. This approach adopts a cycle of observation, hypothesis, prediction, and experiment. This approach is explained in some detail in Section 7 of the Feasibility Study Report. Briefly, we will develop a range of (i) empirical tools (e.g., based on Grounded Theory), (ii) conceptual tools (based on ideas from cognitive modelling, such as TKS), (iii) mathematical tools (based on existing work of Pym, Tofts, Collinson, and others), (iv) of computational tools (developing Demos2k in various ways), and (v) economic models (building on ideas such as those of Gordon and Loeb, using pricing models and econometric methods). These are the components to which the modelling cycle will be applied. The proposed Work-packages are explained in detail in Section 8 of the Feasibility Study Report and, for the Project Management Work-package in Annex B . Management will coordinated by HP Labs, Bristol (HPLB), Hewlett-Packard's European central research and development facility, according to the schedule specified in the project description in Annex B. Pym, the Project Manager, has many years of experience in leading highly successful projects funded by bodies such Research Councils (EPSRC), the EU Commission, the British Council, and the Royal Society, as well as industry-based projects within HPLB. Pym is well-supported by Yearworth, one of HP's Senior Research Managers, with many years experience of industrial research project management. All-hands Project Management Meetings, attended by all of the site leaders, will be held quarterly, with monthly telephone meetings in between. More details in Annex B. 2. What is innovative about the project? We will employ a range of modelling technologies drawn from social, cognitive and economic sciences, and from the mathematics of computing (algebra, logic, probability theory) and deploy them in the engineering style of applied mathematics. This approach, which requires the rigorous adoption of the principal of choosing the right level of

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 7 of 17

Criterion 1 (continued)
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

The UK’s capacity to develop and exploit the technology (continued)
3 pages maximum (Page 3 of 3)

abstraction to capture just the properties and behaviour, has been used with great success by HPL's researcher's in performance modelling. The potential for an outcome involving workforces in rigorously supported policy formulation. Systematic methodology for the assessment of the impact of different security policies. We emphasize that our proposed (and well-tried) modelling approach is quite different from that of formal specification in software engineering: we are not doing that. The objective of extending rigorous systems modelling to encompass the rôles and behaviours of users in the context of systems/network security is we believe, quite new. Moreover, our use of economics as the evaluation mechanism provides a route for us to address one of the major unresolved issues in IT operations: what is the value of information security investments? 3. Does the consortium have the right skills and experience to deliver the identified benefits? The approach required needs skills from user studies, cognitive modelling, mathematical systems modelling and economics. Moreover, the groups providing these skills must understand not only their own technical content but the need to combine and integrate skill sets to support the overall control system approach. We have instantiated these requirements as follows: 1. Sasse at UCL is an expert in user studies in the information security context and their use to inform systems design; 2. Johnson at Bath is an expert in cognitive modelling and co-developer of Task Knowledge Structures (TKS). The Feasibiliy Study has demonstrated the key role in our control system approach that can be played by TKS; 3. Pym et al. at HP are experts in the mathematics of systems modelling and the development of supporting tools. HP also has significant expertise in practical systems modelling and can also provide access to customers as well as internally derived experimental data; 4. van Moorsel at Newcastle has developed significant expertise in assessing security technologies and their role in the delivery of socio-economically effective solutions. 5. Coles, CISO at ML, with a background in cognitive science provides experimental data drawn directly from commercial practice and experience; 6. Ioannidis, in the School of Management at Bath, provides the necessary expertise in financial pricing models and econometrics. Full details of each partner are given in Annex C.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 8 of 17

Criterion 2
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

The size of the market opportunity
3 pages maximum (Page 1 of 3)

Finally, a brief note on the skills required of the post-doctoral staff that we expect to hire: - At HPLB, one mathematician, one system developer, one sociologist, one economist. One of the sociologist or economist will lead the details of the interaction with Merrill Lynch; - At UCL, a post-doc with skills to support Sasse's empirical studies, ideally with some information secuity background; -At Bath, a cognitive scientist to assist Johnson wil the development of the theory of TKS and to support integration of the cognitive modelling with the mathematical modelling. Funds at Bath will also be used to relieve Ioannidis' teaching so that he might devote time to this project; - At Newcastle, computer scientists (PhD project, and a half-time post-doc) able to support detailed studies of information security technologies and explain their role in system, user, and economic models; the overall project is suitable for a PhD but the half-time postdoc will ensure much-needed early availability of mature competence. 4. What is the size of the market opportunities that this project might open up? This project is ultimately targeted at introducing a new market for management software and services. We expect much of today's security spend (e.g., anti-virus, intrusion detection and prevention, firewalls) to commoditise and/or be made redundant by moves to more trusted and compartmented infrastructures based on virtualization and trusted computing technologies. For the next 3 years we expect many companies to remain focused on rolling out identity management solutions. But once through the move to a trusted virtualised infrastructure and with identity management in place, we expect companies to refocus their attention on their information security policies and whether they are getting value from these policies and from the security technology solutions they have in place. The value of the proposed project is in being early with a new approach. Existing security spend is not a good indicator of market size, but by comparison with other new management software and service opportunities (e.g., HP's acquisition of Mercury Interactive and their creation of a £500m per annum business technology optimization business) we would conservatively expect to be able to create a new software and service business in excess of £50m per annum. According to IDC Executive Market Watch (9 January, 2007), security and vulnerability management (SVM) software global revenue had a robust 15% growth rate from 2004 to 2005. Revenue in the market was $1.58 billion in 2005, compared with $1.37 billion in 2004. For 2006, IDC believes the SVM market will generate approximately $1.86 billion, a 17.8% increase. By 2010, the market should exceed revenue of $3.4 billion, with a surprisingly steady CAGR [Compound Annual Growth Rate] of 16.7%.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 9 of 17

Criterion 2 (continued)
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

The size of the market opportunity (continued)
3 pages maximum (Page 2 of 3)

5. What are the possible applications of this project and how do you intend to disseminate and exploit the results? What Intellectual Property (IP) will be generated and how will this be identified and managed? The Full Project will build on the application of the framework to real examples carried out in the feasibility study (such as Merrill Lynch's security policies). Such examples include, but are not limited to the following types of problem: 1. Network access control: who, what, where, etc.? 2. Mobile devices: the value and delivery secure, mobile services? 3. Web services: next generation web service automation? HP will aproach its customers (including but not exclusively Merrill Lynch) to identify possible case studies. Dissemination will be via publications in journals and scientific conferences, presentations to customers, case studies, consultancy business for HP, Merrill Lynch and the academic partners. Whilst acknowledging that many companies are not prepared to be open about how they approach security, customers will be selected based on their willingness to publish case studies of the effectiveness of changes in their security policies and associated technology investments. So, minimally, we expect to improve the way security consultancy is carried out by publishing case studies

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 10 of 17

Criterion 2 (continued)
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

The size of the market opportunity (continued)
3 pages maximum (Page 3 of 3)

6. What are the expected quantified commercial benefits and what is the timescale over which these will be realized? This is a basic research project. Consequently it is dificult to quantify the commercial benefits in the short to medium term. Nevertheless, we can identify some clear commercial benefits: 1. A successful project will lead to new consultancy opportunities for the academic partners, for HP and potentially for Merrill Lynch. It will also lead to new software and service opportunities for HP; 2. Merrill Lynch will place itself as a sector-leader in information security, setting higher standards for the financial services industry; 3. The output from the project in the scientific literature will lead to better security management for the rest of industry; 4. We would also expect that the project will lead to improvement in the way requirements for managed security services are specified and the way those services are measured; e.g., meaningful security SLAs; 5. We expect that the results from this project will change the way in which the industry operates, establishing the role of the trusted advisor meditating between the customers' IT security needs and the IT systems providers' technologies and capabilities. The commercial benefit is the quantification of this relationship.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 11 of 17

Criterion 3
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

Potential impact and timescale
3 pages maximum (Page 1 of 3)

7. What economic and sustainability benefits is the project expected to deliver to those outside the consortium and over what timescale? In addition to the economic benefits listed in answer to Q6 we also expect longer term sustainability benefits, deriving from reducing the threats to IT enabled business, to arise. For example, the past year has seen a rapid increase in organized cyber-crime and ever increasingly sophisticated scams to extract information from individuals and employees of corporations. Providing senior IT executives with the ability better to understand how to educate their employees about cyber risks and make choices about where to invest in technology and where to depend on employee compliance with policy is imperative, with clear economic benefit. We believe value can be delivered incrementally throughout the lifetime of the project to the wider community by sharing modelling case studies, and the project will seek opportunities within the KTN and UK ICT security conferences and executive briefings to disseminate the results. We can identify the following groups of beneficiaries: • • • • • • • • Initially, major UK, European and other corporations, including governmental and public bodies, which have requirements for high standards of information security in their operations; The information security industry itself, which will be able to begin to develop a more rigorous, more reliable basis for its decision processes; Within the information security industry, consultants to businesses of all sizes will gain access to improved tools and processes; The users, be they enterprises, SMEs, or individuals of IT-enabled services, will see better management of the risks to which their personal and confidential data is exposed; The partner companies, Hewlett-Packard and Merrill Lynch, will be at the forefront in their respective sectors for information risk management; The contributing academic disciplines, such as those mentioned above; The academic institutions contributing to the project will be at the forefront in this exciting area; The UK economy itself: information security investments, properly understood, should be seen as enablers of business and differentiators in the world marketplace.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 12 of 17

Criterion 3 (continued)
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

Potential impact and timescale (continued)
3 pages maximum (Page 2 of 3)

8. What are the risks (technical, commercial, and environmental) to project success? How will the business strategy of the consortium, the technical approach and project management help to mitigate these risks? HP Labs is HP’s corporate research organization and is tasked with managing the risks of technology innovation to provide new business opportunities for the company. The project will make use of HP Labs’ approaches to research management and use both HP Labs’ management oversight and access to the company’s CTOs to review that the likely business benefit. Involvement from the European CISO of Merrill Lynch provides senior commercial-user oversight that the project is addressing right issues. Technical risks: i) theory development follows schedule; ii) cross-discipline integration leads to useable end-to-end methodology; iii) necessary tools are develpoed and integrated; iv) sufficiently useful models created; v) overall end-to-end metodology is validated. Rating: overall, high (basic research); (i) high; (ii) low (proven in Feasibility Study); (iii) medium; (iv) high; (v) high. Mitigation: i) strength of consortium skill-base; ii) the Feasibility Study has substantially de-risked this; iii) quality of staff recruited and of existing HPLB team; iv) short term staff exchange and recruitment based on skill range. Continuous cross checking of modelling and case study data; v) actions (i) - (iv). Commercial risks: i) no protectable IP or IP difficult to protect; ii) project is a long way out from commercial exploitation. Rating: high Mitigation: i) identification of an IP strategy; ii) gain better understanding of the market through customer engagements. Managerial risks: synchronization across the five teams. Rating: low Mitigation: prioritization of this project, continuous communication; shared tools; best practices from previous large project management; collaboration culture already established in the feasibility study. Environmental risks: difficulties in operating a highly interdisciplinary project over five widely distributed sites. Rating: medium Mitigation: quarterly All-hands Project Meetings; best practice from commercial partners.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 13 of 17

Criterion 3 (continued)
Please refer to the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document for details of the specific questions to be addressed by applicants within these criteria sections.

Potential impact and timescale (continued)
3 pages maximum (Page 3 of 3)

9. What is the financial commitment required for the project? Funding from the TSB enables us to bring together sufficient breadth and depth of technical skills necessary to address this research challenge. The funds requested for the Full Project are around £400k per annum for 3 years (total about 1200k), nicely reflecting the balance of funding between the industrial and academic partners indicated as being appropriate by the Feasibility Study. Such funding would support additional researchers at the academic sites and at the lead industrial site, as well as associated equipment and travel. We should expect to support 4 or 5 case studies, involving customers, as well as conceptual work and technical work. It should be noted that one of the posts to be supported at HPLB will be substantially directed towards supporting detailed studies at Merrill Lynch. Location at HPLB will provide better access to scientific and technological support, as well as better engagement with the (research) culture and management of the project than would be available to a post located wholly within Merrill Lynch. Im more detail, cash-flow breakdown by time and by work package are shown in Annex B. with the total project cost is £1.618M, corresponding to around £540k per annum for 3 years, with funds requested of £1.204M.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 14 of 17

Financial
Please complete the information requested in the following table in accordance with the following notes. The information for each row shall be copied by each partner from their Finance Form and passed to the Lead Partner for entry into the table. Please ensure that the information provided is consistent with the applicable funding levels and eligible costs for your project. Guidance on funding levels is provided in Section 2.1 of the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document. Guidance for Eligible costs is provided in Appendix 1 of the “Guidance for Applicants, Autumn 2006 Competition for Funding – Human Vulnerability in Network Security” document. Column 1 – Organisation name
Please provide the names of the lead organisation and partners in your project.

Column 2 – Contribution to project by each organisation (£)
Please list the total contribution to be made to the project by each organisation as appropriate.

Column 3 – Funding sought from the Technology Programme (£)
Please enter the funding sought from the Technology Programme from this competition for funding.

Column 4 – Other funding from public sector bodies (£)
Please include any funding for your project from public sector bodies for which you have applied for separately, and not as part of this competition. Funding from Other public sector bodies might include other applications to Research Councils, other Government Departments, Regional Development Agencies, Devolved Administrations and some charities. The purpose of this column is to provide DTI with information on the total funding for your project.

Column 5 – Total (£)
The total cost of the project – this is the sum of columns 2, 3 and 4 and will be entered automatically.

Bottom Row – Total (£)
The total of each column will be entered automatically.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 15 of 17

Financial (continued) 1
Organisation name

2
Contribution to project by each organisation (£)

3
Funding sought from the Technology Programme (£)

4
Other funding from public sector bodies (£)

5
Total (£)

Lead Org. Partner 1 Partner 2 Partner 3 Partner 4 Partner 5 Partner 6 Partner 7 Partner 8 Partner 9 Partner 10 Partner 11 Partner 12 Partner 13 Partner 14 Partner 15 Partner 16 Partner 17 Partner 18 Partner 19 Partner 20

Hewlett-Packard Merrill Lynch University of Bath University College London Newcastle University

350,788 63,196 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Total (£)

350,589 63,196 278,326 256,018 255,995 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1,204,124
1,204,124 0 0 0

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

701,377 126,392 278,326 256,018 255,995 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1,618,108

413,984

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 16 of 17

Financial (Continued)
Financial summary
Note: These Totals are entered automatically Total eligible project costs (£) (The total from column 5 in the table on the previous page)

1,618,108

Total assistance sought from all public sector bodies (£) 1,204,124 (The sum of the totals for columns 3 and 4 in the table on the previous page)

Other Funding From Public Sector Bodies
If you have included one or more entries in column 4 of the table on the previous page please provide the name(s) of the bodies, the name of the programme or scheme from which the funds are provided and the amount of the funds.
Public sector body name Source of funds: name of programme or scheme Amount of funds (£) Date on or by which funding awarded

0 0 0 0 0

Previous Public Sector Funding
Have you previously applied for, been offered, or received any No other financial assistance from the DTI or other public sector body (other than that listed in the table on the previous page) for this project?
Date funding applied for Source of funds Amount of funds (£) Successful Application ? (Yes/No) No

0 0 0 0 0

No No No No

Consortium Partners’ Details
Only the Lead Partner should complete the following page. Industrial Consortium Partners’ details should be entered on their Finance Forms. Academic Partners’ details will be extracted from Je-S system along with their other financial details.

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:

URN 06/2059

Restricted - Commercial

Page 17 of 17

Lead Partner’s Details
Only the Lead Partner should complete this page
Organisation name

Hewlett-Packard Ltd
Contact
Contact title Contact forename

Prof
Contact surname

David

Pym
Contact position

Principal Scientist
Contact email

david.pym@hp.com
Contact phone Contact fax

+44 (0)117 312 8012
Organisation type

+44 (0)117 312 9250

Public Limited Company
Organisation status

Established
Organisation address
Line 1 Line 2 Line 3

Company Registration Number 690597

Hewlett-Packard Laboratories Filton Road Stoke Gifford
County

Town/City

Bristol
Postcode

South Gloucestershire
Country

BS34 8QZ
Turnover (£)

United Kingdom
Number of staff

2,845,175,000 2005

10000

Year used for turnover and number of staff

SIC code (Standard Industrial Classification) (Please use the 2003 code) (See SIC Code Guidance notes) 72

Technology Programme Network Security Full Stage Application Form – Autumn 2006 Competition for Funding Reference:


								
To top
;