Building risk analysis system with dynamic modification of asset-threat weights
First Claim
1. A building management system comprising:
one or more computer-readable storage media having:
a data structure, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of a plurality of assets and one of a plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities; and
instructions stored thereon that, when executed by one or more processors, cause the one or more processors to:
receive a threat, the threat comprising a particular threat type of the plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of the plurality of assets;
identify a particular vulnerability of the data structure based on the particular threat type and the particular asset;
determine, based on the particular vulnerability and the threat, the risk value associated with the particular asset;
receive, via a user interface, an update to the particular vulnerability associated with the particular asset and the particular threat type;
update the data structure with the update to the particular vulnerability;
generate, for the particular asset, a list of threat types that the particular asset is vulnerable to based on the data structure, wherein the list of threat types are threat types that affect a risk score of the particular asset;
cause the user interface to display the list;
receive, via the user interface, an update to the list, the update to the list comprising an indication to add one or more new threat types, wherein the data structure does not indicate that the risk score of the particular asset is affected by the one or more new threat types; and
update the plurality of vulnerabilities of the data structure based on the update to the list by adding one or more vulnerabilities based on the indication to add the one or more new threat types of the list.
Abstract
A building management system includes one or more computer-readable storage media having a data structure, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of a plurality of assets and one of the plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities, and instructions. The instructions cause one or more processors to receive a threat, the threat comprising a particular threat type of the plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of the plurality of assets, identify a particular vulnerability of the data structure based on the particular threat type and the particular asset, and determine, based on the particular vulnerability and the threat, the risk value associated with the particular asset.
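A minimal model of the asset/threat-type vulnerability table described in the first claim and the abstract, given here as an added example and not code from the patent. The multiplicative risk formula, the 0 to 1 scales, the default weight, the change log and all class, function and asset names are assumptions; the text above does not specify them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Threat:
    threat_type: str
    asset: str
    severity: float          # assumed scale: 0.0 (benign) to 1.0 (critical)

class VulnerabilityTable:
    """Maps each (asset, threat type) pair to one vulnerability weight in [0, 1]."""

    def __init__(self):
        self._weights = {}   # (asset, threat_type) -> weight
        self.changes = []    # audit trail of UI-driven edits (assumed addition)

    def set_weight(self, asset, threat_type, weight, user):
        if not 0.0 <= weight <= 1.0:
            raise ValueError(f"weight {weight!r} outside [0, 1]")
        old = self._weights.get((asset, threat_type))
        self._weights[(asset, threat_type)] = weight
        self.changes.append((user, asset, threat_type, old, weight))

    def risk(self, threat):
        # A pair missing from the table means the asset is not affected by that type.
        weight = self._weights.get((threat.asset, threat.threat_type), 0.0)
        return weight * threat.severity   # assumed formula

    def threat_types(self, asset):
        # The list shown to the user: threat types that affect this asset's risk.
        return sorted(t for (a, t), w in self._weights.items() if a == asset and w > 0)

    def add_threat_types(self, assets, new_types, user, default_weight=0.5):
        """Add pairs the table lacks; existing weights are never overwritten."""
        added = []
        for asset in assets:
            for t in new_types:
                if (asset, t) not in self._weights:
                    self.set_weight(asset, t, default_weight, user)
                    added.append((asset, t))
        return added

def demo():
    table = VulnerabilityTable()
    table.set_weight("Lobby", "fire", 0.8, "admin")           # constructed sample data
    flood = Threat("flood", "Lobby", 0.9)
    before = table.risk(flood)                                 # pair not in table yet
    added = table.add_threat_types(["Lobby"], ["flood", "fire"], "analyst")
    table.set_weight("Lobby", "flood", 0.25, "analyst")        # UI update to one pair
    return before, added, table.threat_types("Lobby"), table.risk(flood), table.changes
```

Passing several assets to `add_threat_types` covers the asset-category variant in claims 17 and 22. Because every weight edit shifts computed risk, the change log records who changed which pair and from what value.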
26 Claims
1. A building management system comprising:
one or more computer-readable storage media having:
a data structure, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of a plurality of assets and one of a plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities; and
instructions stored thereon that, when executed by one or more processors, cause the one or more processors to:
receive a threat, the threat comprising a particular threat type of the plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of the plurality of assets;
identify a particular vulnerability of the data structure based on the particular threat type and the particular asset;
determine, based on the particular vulnerability and the threat, the risk value associated with the particular asset;
receive, via a user interface, an update to the particular vulnerability associated with the particular asset and the particular threat type;
update the data structure with the update to the particular vulnerability;
generate, for the particular asset, a list of threat types that the particular asset is vulnerable to based on the data structure, wherein the list of threat types are threat types that affect a risk score of the particular asset;
cause the user interface to display the list;
receive, via the user interface, an update to the list, the update to the list comprising an indication to add one or more new threat types, wherein the data structure does not indicate that the risk score of the particular asset is affected by the one or more new threat types; and
update the plurality of vulnerabilities of the data structure based on the update to the list by adding one or more vulnerabilities based on the indication to add the one or more new threat types of the list.
9. A method for risk analysis, the method comprising:
receiving a threat, the threat comprising a particular threat type of a plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of a plurality of assets;
identifying a particular vulnerability of a data structure based on the particular threat type and the particular asset, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of the plurality of assets and one of the plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities;
determining, based on the particular vulnerability and the threat, the risk value associated with the particular asset;
receiving, via a user interface, an update to the particular vulnerability associated with the particular asset and the particular threat type;
updating the data structure with the update to the particular vulnerability;
generating, for the particular asset, a list of threat types that the particular asset is vulnerable to based on the data structure, wherein the list of threat types are threat types that affect a risk score of the particular asset;
causing the user interface to display the list;
receiving, via the user interface, an update to the list, the update to the list comprising an indication to add one or more new threat types, wherein the data structure does not indicate that the risk score of the particular asset is affected by the one or more new threat types; and
updating the plurality of vulnerabilities of the data structure based on the update to the list by adding one or more vulnerabilities based on the indication to add the one or more new threat types.
16. A building management system comprising:
one or more computer-readable storage media communicably coupled to one or more processors and configured to store instructions and a data structure, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of a plurality of assets and one of a plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities; and
the one or more processors configured to execute the instructions to:
receive a threat, the threat comprising a particular threat type of the plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of the plurality of assets;
identify a particular vulnerability of the data structure based on the particular threat type and the particular asset;
determine, based on the particular vulnerability and the threat, the risk value associated with the particular asset;
receive, via a user interface, an update to the particular vulnerability associated with the particular asset and the particular threat type;
update the data structure with the update to the particular vulnerability;
generate, for the particular asset, a list of threat types that the particular asset is vulnerable to based on the data structure, wherein the list of threat types are threat types that affect a risk score of the particular asset;
cause the user interface to display the list;
receive, via the user interface, an update to the list, the update to the list comprising an indication to add one or more new threat types, wherein the data structure does not indicate that the risk score of the particular asset is affected by the one or more new threat types; and
update the plurality of vulnerabilities of the data structure based on the update by adding one or more vulnerabilities based on the indication to add the one or more new threat types.
17. A building management system comprising:
one or more computer-readable storage media having:
a data structure, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of a plurality of assets and one of a plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities; and
instructions stored thereon that, when executed by one or more processors, cause the one or more processors to:
receive a threat, the threat comprising a particular threat type of the plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of the plurality of assets;
identify a particular vulnerability of the data structure based on the particular threat type and the particular asset;
determine, based on the particular vulnerability and the threat, the risk value associated with the particular asset;
receive, via a user interface, an update to the particular vulnerability associated with the particular asset and the particular threat type;
update the data structure with the update to the particular vulnerability;
receive an indication of a set of assets of the plurality of assets, the set of assets associated with a particular asset category;
generate, for the set of assets, a list of threat types that the set of assets is vulnerable to based on the data structure, wherein the list of threat types are threat types that affect risk scores of the set of assets;
cause the user interface to display the list;
receive, via the user interface, an update to the list, the update to the list comprising an indication to add one or more new threat types, wherein the data structure does not indicate that the risk scores of the set of assets are affected by the one or more new threat types; and
update the plurality of vulnerabilities of the data structure based on the update by adding one or more vulnerabilities based on the indication to add the one or more new threat types.
22. A method for risk analysis, the method comprising:
receiving a threat, the threat comprising a particular threat type of a plurality of threat types, the threat indicating an incident affecting a risk value associated with a particular asset of a plurality of assets;
identifying a particular vulnerability of a data structure based on the particular threat type and the particular asset, wherein the data structure comprises a plurality of vulnerabilities and a plurality of pairs, each of the plurality of pairs comprising one of the plurality of assets and one of the plurality of threat types, wherein each of the plurality of pairs is associated with one of the plurality of vulnerabilities;
determining, based on the particular vulnerability and the threat, the risk value associated with the particular asset;
receiving, via a user interface, an update to the particular vulnerability associated with the particular asset and the particular threat type;
updating the data structure with the update to the particular vulnerability;
receiving an indication of a set of assets of the plurality of assets, the set of assets associated with a particular asset category;
generating, for the set of assets, a list of threat types that the set of assets is vulnerable to based on the data structure, wherein the list of threat types are threat types that affect risk scores of the set of assets;
causing the user interface to display the list;
receiving, via the user interface, an update to the list, the update to the list comprising an indication to add one or more new threat types, wherein the data structure does not indicate that the risk scores of the set of assets are affected by the one or more new threat types; and
updating the plurality of vulnerabilities of the data structure based on the update by adding one or more vulnerabilities based on the indication to add the one or more new threat types.
Specification