Inferential analysis using feedback for extracting and combining cyber risk information
First Claim
Patent Images
1. A method, comprising:
- assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least one accessible Internet elements, wherein the collection of information occurs periodically or continually over time, wherein the assessing of risk comprises;
determining circumstantial or indirect information that is indicative of the entity based on the collected information;
confirming or inferring that the entity is referenced in the circumstantial or indirect information that is indicative of the entity being referenced in the circumstantial or indirect information by cross-referencing data in the collected information; and
increasing or decreasing the assessed risk if the circumstantial or indirect information indicative of the entity is respectively negative or positive;
automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy;
automatically recommending, based on the assessed risk, computer network changes to reduce the assessed risk;
providing one or more recommended computer network changes to reduce the assessed risk, enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed risk to the entity; and
in response to determining that the entity has enacted at least a portion of the recommended computer network changes, initiating the change or the setting to the at least one element of policy criteria of the cyber security policy.
4 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of the present technology include methods of assessing risk of a cyber security failure in a computer network of an entity. Some embodiments involve using continual or periodic data collecting to improve inferential analysis, as well as obtaining circumstantial or inferential information from social networks. Machine learning may be used to improve predicitive capabilities. Some embodiments allow for identification of an entity from circumstantial or inferential information based on the machine learning and comparative analyses.
-
Citations
22 Claims
-
1. A method, comprising:
-
assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least one accessible Internet elements, wherein the collection of information occurs periodically or continually over time, wherein the assessing of risk comprises; determining circumstantial or indirect information that is indicative of the entity based on the collected information; confirming or inferring that the entity is referenced in the circumstantial or indirect information that is indicative of the entity being referenced in the circumstantial or indirect information by cross-referencing data in the collected information; and increasing or decreasing the assessed risk if the circumstantial or indirect information indicative of the entity is respectively negative or positive; automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy; automatically recommending, based on the assessed risk, computer network changes to reduce the assessed risk; providing one or more recommended computer network changes to reduce the assessed risk, enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed risk to the entity; and in response to determining that the entity has enacted at least a portion of the recommended computer network changes, initiating the change or the setting to the at least one element of policy criteria of the cyber security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method, comprising:
-
determining circumstantial or indirect information, that is indicative of an entity, based on information collected from at least one publicly available Internet elements, the information being collected periodically or continually over time; matching the obtained circumstantial or indirect information to entity information included in a database; confirming or inferring that the entity is referenced in the circumstantial or indirect information that is indicative of the entity being referenced in the circumstantial or indirect information by cross-referencing data in the collected information with the information in the database; automatically determining a change or a setting to at least one element of policy criteria of a cyber security policy of the entity based on the collected information; automatically recommending computer network changes that improve the cyber security policy based on the collected information; and determining that the entity has enacted at least a portion of the recommended computer network changes. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification