METHOD FOR RISK ANALYSIS USING INFORMATION ASSET MODELLING
First Claim
1. A method for risk analysis using information asset modeling, the method comprising the steps of:
(a) identifying an information asset which uses or provides a network service;
(b) identifying a threat on the information asset through a computer network;
(c) identifying a vulnerability of the information asset;
(d) calculating an AL (attack likelihood) using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value;
(e) computing the value of the information asset so as to calculate an IM (impact analysis); and
(f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.
Abstract
A method for risk analysis using information asset modeling. The method has the steps of: (a) identifying an information asset which uses or provides a network service; (b) identifying a threat on the information asset through a computer network; (c) identifying a vulnerability of the information asset; (d) calculating an AL (attack likelihood) by using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value; (e) computing the value of the information asset so as to calculate an IM (impact analysis); and (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.
6 Claims
Specification