Systems and methods of associating security vulnerabilities and assets
Abstract
Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
134 Citations
21 Claims
1. An apparatus comprising:
- a comparison module configured for comparing a definition of a security vulnerability with one or more definitions of one or more assets of an information system, the security vulnerability definition comprising a plurality of asset characteristics; and
- an association module operatively coupled to the comparison module and configured for associating the security vulnerability and a particular asset of the one or more assets where (i) the definition of the particular asset comprises a first asset characteristic of the plurality of asset characteristics in the security vulnerability definition and (ii) either the definition of the particular asset or the definition of another asset of the one or more assets that has a relationship with the particular asset comprises a second asset characteristic of the plurality of asset characteristics in the security vulnerability definition.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
- comparing a definition of a security vulnerability with one or more definitions of one or more assets of an information system, the security vulnerability definition comprising a plurality of asset characteristics;
- determining whether the definition of an asset of the one or more assets comprises a first asset characteristic of the plurality of asset characteristics in the security vulnerability definition;
- where the definition of an asset of the one or more assets comprises the first asset characteristic, determining whether either the definition of the asset or the definition of another asset of the one or more assets that has a relationship with the asset comprises a second asset characteristic of the plurality of asset characteristics in the security vulnerability definition; and
- associating the security vulnerability and the asset where (i) the definition of the asset comprises the first asset characteristic and (ii) either the definition of the asset or the definition of another asset of the one or more assets that has a relationship with the asset comprises the second asset characteristic.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A Graphical User Interface (GUI) comprising:
- a representation of a security vulnerability via which an asset of an information system may be exploited to thereby affect the asset or another asset of the information system that has a relationship with the asset;
- a representation of the asset;
- a representation of a first type of association between the security vulnerability and the asset; and
- a representation of a second type of association either between the security vulnerability and the asset, where the asset may be exploited via the security vulnerability to affect the asset, or between the security vulnerability and the other asset, where the asset may be exploited via the security vulnerability to affect the other asset.
Dependent claims: 19, 20
21. A machine-readable medium storing a data structure, the data structure comprising:
- an indication of a first type of association between an asset of an information system and a security vulnerability via which the asset may be exploited to thereby affect the asset or another asset of the information system that has a relationship with the asset; and
- an indication of a second type of association either between the security vulnerability and the asset, where the asset may be exploited via the security vulnerability to affect the asset, or between the security vulnerability and the other asset, where the asset may be exploited via the security vulnerability to affect the other asset.
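The matching rule described in the abstract and in method claim 11, producing the two association types of claims 18 and 21, as an added Python example (not code from the patent). The class names, the `exploited_by`/`affected_by` labels, the `related` list being read from the exploited asset's side, and all sample platforms and assets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VulnDef:
    vuln_id: str
    exploited_platform: str  # first asset characteristic
    affected_platform: str   # second asset characteristic

@dataclass
class Asset:
    name: str
    platforms: frozenset
    related: tuple = ()  # names of assets this asset has a relationship with

def associate(vuln, assets):
    """Return sorted (vuln_id, asset_name, association_type) tuples."""
    by_name = {a.name: a for a in assets}
    found = set()
    for asset in assets:
        # Condition (i): the asset's definition has the exploitable platform.
        if vuln.exploited_platform not in asset.platforms:
            continue
        # Condition (ii): the asset or a related asset has the affected platform.
        scope = [asset] + [by_name[n] for n in asset.related if n in by_name]
        affected = [s for s in scope if vuln.affected_platform in s.platforms]
        if not affected:
            continue  # exploitable platform alone does not create an association
        found.add((vuln.vuln_id, asset.name, "exploited_by"))  # first type
        for s in affected:
            found.add((vuln.vuln_id, s.name, "affected_by"))   # second type
    return sorted(found)

# Constructed sample data (hypothetical platforms and hosts).
VULN = VulnDef("VULN-EXAMPLE-1", "ExampleOS 2.0", "ExampleDB 5")
ASSETS = [
    Asset("web-01", frozenset({"ExampleOS 2.0"}), related=("db-01",)),
    Asset("db-01", frozenset({"OtherOS 9", "ExampleDB 5"})),
    Asset("kiosk-01", frozenset({"ExampleOS 2.0"})),
    Asset("allinone-01", frozenset({"ExampleOS 2.0", "ExampleDB 5"})),
]

if __name__ == "__main__":
    for row in associate(VULN, ASSETS):
        print(row)
```

`kiosk-01` runs the exploitable platform but neither it nor any related asset has the affected platform, so it gets no association; `db-01` is associated only through its relationship with `web-01`.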
Specification