Security risk analysis systems and methods
Abstract
Security risk analysis systems and methods are disclosed. Vulnerabilities affecting assets of a communication network are associated with other assets of the communication network according to relationships between assets. Security risk may thus be assessed on the basis of both vulnerabilities which directly affect assets and vulnerabilities which indirectly affect assets through their relationships with other assets. Risk exposure calculators which determine respective types of exposure of assets to vulnerabilities, illustratively direct and indirect exposures, are selectable so as to provide for customizable security risk analysis.
25 Claims
1. A risk analyzer configured to associate a vulnerability affecting an asset of a communication network with another asset of the communication network which has a relationship with the asset.
10. A security risk analysis method comprising:
providing a vulnerability affecting an asset of a communication network; and
associating the vulnerability with another asset of the communication network which has a relationship with the asset.
16. A security risk analysis system comprising:
a plurality of risk exposure calculators configured to determine respective types of exposure of assets associated with a communication network to vulnerabilities in the communication network; and
a risk calculator operatively coupled to the plurality of risk exposure calculators and configured to determine a security risk in the communication network based on an exposure determined by one or more selected calculators of the plurality of risk exposure calculators.
23. A security risk analysis method comprising:
determining one or more types of exposure selected from a plurality of types of exposure of assets associated with a communication network to vulnerabilities in the communication network; and
determining a security risk in the communication network based on the one or more types of exposure.
24. A machine-readable medium storing a data structure, the data structure comprising:
a data field storing information identifying an asset of a communication network; and
a data field storing an asset profile of the asset, the asset profile comprising relationship information, specifying respective relationships between the asset and one or more other assets of the communication network, in accordance with which a vulnerability affecting the asset is to be associated with the one or more other assets.
25. A machine-readable medium storing a data structure, the data structure comprising:
a data field storing information identifying an asset of a communication network; and
a data field storing security state information, the security state information comprising indirect exposure information relating to exposure of the asset, through respective relationships between the asset and one or more other assets of the communication network, to vulnerabilities affecting the one or more other assets.
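The following sketch is an added example, not code from the patent: it models the relationship-based association of vulnerabilities described in the abstract and the selectable exposure calculators of claim 16, using a constructed three-asset network. The `depends_on` relationship, the per-hop `decay` factor, the asset values, the vulnerability ids and the risk formula are all assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    value: float  # assumed business value in 0..1
    depends_on: list = field(default_factory=list)  # relationship info in the asset profile

# Constructed sample network: an application runs on a host that is reached via a router.
ASSETS = {
    "router": Asset("router", 0.6),
    "db-host": Asset("db-host", 0.8, ["router"]),
    "billing-app": Asset("billing-app", 1.0, ["db-host"]),
}
# Constructed vulnerabilities: id -> (directly affected asset, severity in 0..1)
VULNS = {"VULN-A": ("router", 0.9), "VULN-B": ("db-host", 0.4)}

def direct_exposure(asset, assets, vulns):
    """Vulnerabilities that affect the asset itself."""
    return {v: sev for v, (target, sev) in vulns.items() if target == asset}

def indirect_exposure(asset, assets, vulns, decay=0.5):
    """Vulnerabilities reached through relationships; severity decays per hop (assumed)."""
    found, seen = {}, {asset}
    frontier, weight = list(assets[asset].depends_on), decay
    while frontier:
        nxt = []
        for dep in frontier:
            if dep in seen:  # tolerate cyclic relationships
                continue
            seen.add(dep)
            for v, sev in direct_exposure(dep, assets, vulns).items():
                found[v] = max(found.get(v, 0.0), sev * weight)
            nxt.extend(assets[dep].depends_on)
        frontier, weight = nxt, weight * decay
    return found

CALCULATORS = {"direct": direct_exposure, "indirect": indirect_exposure}

def security_risk(asset, selected, assets=ASSETS, vulns=VULNS):
    """Risk = asset value x worst exposure from the selected calculators (assumed formula)."""
    exposure = {}
    for name in selected:
        for v, sev in CALCULATORS[name](asset, assets, vulns).items():
            exposure[v] = max(exposure.get(v, 0.0), sev)
    worst = max(exposure.values(), default=0.0)
    return round(assets[asset].value * worst, 3), exposure
```

With only the direct calculator selected, `billing-app` shows no risk; selecting the indirect calculator as well surfaces the router and host vulnerabilities it inherits through its relationships.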
Specification