Security level information offering method and system
First Claim
1. A method for offering security level comprising the steps of:
- (a) specifying, based on configuration information on a specific equipment, a vulnerability of said equipment, and associating information of the vulnerability with said equipment, said information of the vulnerability including a threat level value of the vulnerability;
(b) computing a security level value of the vulnerability of the specific equipment based on the type of this equipment, the threat level value of the vulnerability for which no modification has been taken regarding this equipment, and the number of days while the vulnerability has been left without any modification taken for the vulnerability; and
(c) outputting security level information based on the security level value obtained in said step (b).
1 Assignment
0 Petitions
Accused Products
Abstract
A system of security information processed such that it can be understood by a person with insufficient knowledge about security technologies is provided. The system comprises a vulnerability information storing unit for storing at least threat level values of vulnerabilities of a computer system to be monitored; a vulnerability information offering unit to extract vulnerability information to be applied to said computer system from said vulnerability information storing unit based on the configuration information of the computer system, and to associate the vulnerability information with this computer system; a vulnerability modification information storing unit for storing the information on whether or not a system manager has applied modification work based on this vulnerability information; and a security level computing unit for computing, regarding a specific equipment, a security level regarding a vulnerability of said equipment from a type of this equipment, the threat level value of the vulnerability that has not been modified with regarding this equipment, and the number or days while the vulnerability has been left without any modification taken.
45 Citations
10 Claims
-
1. A method for offering security level comprising the steps of:
-
(a) specifying, based on configuration information on a specific equipment, a vulnerability of said equipment, and associating information of the vulnerability with said equipment, said information of the vulnerability including a threat level value of the vulnerability;
(b) computing a security level value of the vulnerability of the specific equipment based on the type of this equipment, the threat level value of the vulnerability for which no modification has been taken regarding this equipment, and the number of days while the vulnerability has been left without any modification taken for the vulnerability; and
(c) outputting security level information based on the security level value obtained in said step (b). - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for computing a security level of a computer system, said system comprising:
-
a configuration information storing unit for storing configuration information on the computer system to be monitored;
a vulnerability information storing unit for storing various types of updated vulnerability information including at least a threat level value of the vulnerability;
a vulnerability information offering unit to extract vulnerability information to be applied to said computer system from said vulnerability information storing unit based on said configuration information, and to associate the vulnerability information with this computer system;
a vulnerability modification information storing unit for storing the information on whether or not a system manager has applied modification work based on this vulnerability information;
a security level computing unit for computing, regarding a specific equipment, a security level regarding the vulnerability of said equipment from a type of this equipment, the threat level value of the vulnerability that has not been modified with regarding this equipment, and the number or days while the vulnerability has been left without any modification taken; and
a security level information generating unit for generating and output security level information based on the security level value obtained in said computing unit. - View Dependent Claims (7, 8, 9, 10)
-
Specification