Method and system for calculating risk in association with a security audit of a computer network
Abstract
Calculating risk based on information collected during a security audit of a computing network. The computer network is surveyed to determine the significance of elements in the network and to identify vulnerabilities associated with the elements. Using this information, the security audit system calculates a risk value for each vulnerability. The risk value is a function of the asset value, the probability that the vulnerability will be exploited, and the potential severity of damage to the network if the vulnerability is exploited. The risk value can be adjusted based on the ease with which the vulnerability can be fixed. A network element may have one or more risk values associated with it based on one or more vulnerabilities. The security audit system employs a band calculation method for summing risk values and computing a single security score for the element. The band calculation method can also be used to produce a security score for a group of elements. The band calculation method produces a more accurate score for comparing elements and groups of elements throughout a network.
49 Claims
1. A method for assessing the security of a system comprising:
selecting a vulnerability for the system;
obtaining an asset value for the system;
determining an exploit probability for the vulnerability;
obtaining a severity value for the vulnerability;
computing a risk value for the vulnerability based on at least one of the asset value, the exploit probability, and the severity value;
if there are additional vulnerabilities associated with the system, repeating the foregoing steps to compute risk values for the additional vulnerabilities; and
calculating a security score for the system based on at least one of the risk values associated with the system.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10)

11. A method for computing a security score associated with a host in a distributed computing network comprising:
selecting a vulnerability for the host, the vulnerability being identified during a security scan;
obtaining an asset value for the host, the asset value obtained from at least one of a host operating system, a host service, and the host vulnerabilities;
determining an exploit probability for the vulnerability, the exploit probability indicating the likelihood that the vulnerability will be exploited to compromise the host;
obtaining a severity value for the vulnerability, the severity value characterizing the potential damage that can be done from exploiting the vulnerability;
computing a risk value for the vulnerability based on at least one of the asset value, the exploit probability, and the severity value;
computing an adjusted risk value as a function of the risk value and a fix difficulty value, the fix difficulty value indicating the difficulty of remedying the vulnerability associated with the risk;
if there are additional vulnerabilities associated with the system, repeating the foregoing steps to compute adjusted risk values for the additional vulnerabilities; and
calculating an adjusted security score for the host based on at least one of the adjusted risk values associated with the host.
(Dependent claims: 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 41, 42)

18. A method for determining a risk value for a vulnerability detected by a security audit system in a network comprising:
receiving an asset value from the security audit system for an element with which the vulnerability is associated;
receiving an exploit probability value for the vulnerability from the security audit system;
receiving a severity value from the security audit system; and
computing a risk value for the vulnerability, the computation comprising at least one of the asset value, the exploit probability value, and the severity value.

29. A method for computing a risk value associated with an element in a network comprising:
receiving a vulnerability for the element, the vulnerability being identified by a security audit system;
receiving an asset value for the element from the security audit system, wherein the asset value is based on at least one of an operating system, an element service, and the element vulnerabilities;
receiving an exploit probability value for the vulnerability from the security audit system;
receiving a severity value from the security audit system; and
computing a risk value for the vulnerability, the computation comprising at least one of the asset value, the exploit probability value, and the severity value.

38. A computer-readable medium having computer-executable instructions for performing steps comprising:
receiving a vulnerability for a host, the vulnerability being identified during a security scan;
obtaining an asset value for the host, the asset value based on at least one of a host operating system, a host service, and the host vulnerability;
determining an exploit probability for the vulnerability;
obtaining a severity value for the vulnerability;
computing a risk value for the vulnerability based on at least one of the asset value, the exploit probability, and the severity value;
computing an adjusted risk value as a function of the risk value and a fix difficulty value;
if there are additional vulnerabilities associated with the system, repeating the foregoing steps to compute adjusted risk values for the additional vulnerabilities; and
calculating an adjusted security score for the host based on at least one of the adjusted risk values associated with the host.

43. A system for computing a security score associated with a security audit of a distributed computing system comprising:
a manager software module operable for selecting a vulnerability for a host;
a storage module operable for storing an asset value for the host, an exploit probability for the vulnerability, and a severity value for the vulnerability; and
a computation module operable for computing a risk value.
(Dependent claims: 44, 45, 46, 47, 48, 49)
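The per-vulnerability risk pipeline of claims 1, 11 and 38, worked through as an added example (not code from the patent or its assignee). The claims only say the risk is "based on" the asset value, exploit probability and severity and that the adjustment is "a function of" the fix difficulty; the product form, the fix-difficulty discount, the sample findings and the saturating aggregation standing in for the patent's undisclosed band calculation are all assumptions of this example.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class Vulnerability:
    name: str
    exploit_probability: float  # 0..1 likelihood the vulnerability is exploited
    severity: float             # 0..1 potential damage if it is exploited
    fix_difficulty: float       # 0..1, where 1.0 is the hardest to remedy

def risk_value(asset_value: float, vuln: Vulnerability) -> float:
    """Per-vulnerability risk value (claims 1/11). Assumed formula: the
    product of asset value, exploit probability and severity."""
    return asset_value * vuln.exploit_probability * vuln.severity

def adjusted_risk_value(risk: float, fix_difficulty: float) -> float:
    """Fix-difficulty adjustment (claim 11). Assumed shape: an easy fix
    halves the risk, a hard fix leaves it unchanged."""
    return risk * (0.5 + 0.5 * fix_difficulty)

def host_risk_values(asset_value: float, vulns: List[Vulnerability]) -> List[float]:
    """Repeat the per-vulnerability steps for every finding on the host."""
    return [adjusted_risk_value(risk_value(asset_value, v), v.fix_difficulty)
            for v in vulns]

def plain_sum_score(risk_values: List[float]) -> float:
    """Naive aggregation: many small risks can outgrow one critical one."""
    return sum(risk_values)

def security_score(asset_value: float, risk_values: List[float]) -> float:
    """Stand-in for the patent's band calculation (not detailed on the page):
    treat each adjusted risk as an independent chance of losing the asset, so
    the score saturates at the asset value and the worst finding dominates."""
    survival = 1.0
    for r in risk_values:
        survival *= 1.0 - min(max(r / asset_value, 0.0), 1.0)
    return asset_value * (1.0 - survival)

# Constructed sample findings for one host (illustrative, not from the patent).
HOST_ASSET_VALUE = 10.0
HOST_VULNS = [
    Vulnerability("remote code execution", 0.9, 1.0, 1.0),
    Vulnerability("verbose service banner", 0.2, 0.5, 0.0),
    Vulnerability("weak cipher suite", 0.5, 0.2, 0.5),
]

if __name__ == "__main__":
    risks = host_risk_values(HOST_ASSET_VALUE, HOST_VULNS)
    for v, r in zip(HOST_VULNS, risks):
        print(f"{v.name:24s} adjusted risk = {r:.3f}")
    print(f"plain sum  = {plain_sum_score(risks):.3f} (exceeds the asset value)")
    print(f"host score = {security_score(HOST_ASSET_VALUE, risks):.3f}")
```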
Specification