Information system service-level security risk analysis
Abstract
Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.
26 Claims
1. An apparatus comprising:
- a risk analyzer configured to identify one or more assets of an information system that have respective relationships with a service provided by the information system, and to determine one or more security risks to the service by analyzing security vulnerabilities associated with the identified assets; and
- an interface operatively coupled to the risk analyzer and configured to provide a consolidated representation of the service, the consolidated representation comprising an indication of the one or more determined security risks and an indication of at least one of the respective relationships between the service and the one or more identified assets.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method comprising:
- identifying one or more assets of an information system that have respective relationships with a service provided by the information system;
- analyzing security vulnerabilities associated with the identified assets to determine one or more security risks to the service; and
- providing, in a consolidated representation of the service, an indication of the one or more determined security risks and an indication of at least one of the respective relationships between the service and the one or more identified assets.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A Graphical User Interface (GUI) comprising a consolidated representation of a service provided by an information system, the consolidated representation comprising:
- an indication of one or more security risks to the service; and
- an indication of at least one of one or more respective relationships between the service and one or more assets of the information system that contribute to the one or more security risks to the service.
Dependent claims: 20, 21, 22, 23, 24
25. An icon for display in a Graphical User Interface (GUI) comprising:
- a representation of an asset of an information system; and
- respective indications of a plurality of security parameters for a security risk to the asset.
Dependent claims: 26
Specification