Practical threat analysis
First Claim
1. A method for performing risk management of a given system having known vulnerabilities and weaknesses, based on system assets values, the risks of possible threats, potential asset damages in relation to each threat, possible countermeasure and relative threat mitigation in relation to a single countermeasure or to a set of countermeasures, wherein said method comprises the following steps:
- valuating relative threat monetary risk, wherein each threat is correlated to the possible damage to system assets based on possible threat scenarios in accordance with relevant vulnerabilities and weaknesses of the system and valuation of relative threat damage;
- calculating cost effectiveness for each countermeasure or each set of countermeasures, taking into account the relative relevant threats damages and estimating the contribution of each countermeasure or set of countermeasures to reduce said damages.
Abstract
The following subject matter provides a computer-implemented method and system for calculating the cost-effectiveness of countermeasures in mitigating the threats on a system through calculating the risk of threats. The calculation is run on a model of assets, threats, vulnerabilities and countermeasures and enables the production of easy-to-understand reports and action item lists showing the financial value of threat risks and countermeasure priorities and cost-effectiveness.
12 Claims
Dependent claims of claim 1: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
Specification