METHOD FOR RISK ANALYSIS USING INFORMATION ASSET MODELLING

US 20090099885A1
Filed: 11/16/2007
Published: 04/16/2009
Est. Priority Date: 10/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for risk analysis using information asset modeling, the method comprising the steps of:

(a) identifying an information asset which uses or provides a network service;

(b) identifying a threat on the information asset through a computer network;

(c) identifying a vulnerability of the information asset;

(d) calculating an AL (attack likelihood) using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value;

(e) computing the value of the information asset so as to calculate an IM (impact analysis); and

(f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for risk analysis using information asset modeling. The method has the steps of: (a) identifying an information asset which uses or provides a network service; (b) identifying a threat on the information asset through a computer network; (c) identifying a vulnerability of the information asset; (d) calculating an AL (attack likelihood) by using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value; (e) computing the value of the information asset so as to calculate an IM (impact analysis); and (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.

Citations

6 Claims

1. A method for risk analysis using information asset modeling, the method comprising the steps of:
- (a) identifying an information asset which uses or provides a network service;
  
  (b) identifying a threat on the information asset through a computer network;
  
  (c) identifying a vulnerability of the information asset;
  
  (d) calculating an AL (attack likelihood) using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value;
  
  (e) computing the value of the information asset so as to calculate an IM (impact analysis); and
  
  (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein in step (c), CVE (Common Vulnerabilities &
    - Exposures) identifiers are used.
  - 3. The method according to claim 2 further comprising the step of:
    - extracting a CVSS score from the CVE information, the CVSS score being obtained by scoring the vulnerability, wherein the extracting of the CVSS score is performed between steps (c) and (d).
  - 4. The method according to claim 1, wherein step (e) includes the steps of:
    - checking an identifier of the information asset for the vulnerability;
      
      checking a service provided by the information asset and software operated by the information asset; and
      
      checking a traffic ratio used in the checked service and software so as to compute the value of the information asset.
  - 5. The method according to claim 4, wherein the traffic includes information on the number of visitors who get access to the information asset through an Internet site.
  - 6. The method according to claim 1, wherein a path of the threat on the information asset is a logic access through the computer network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Korea Information Security Agency
Original Assignee
Korea Information Security Agency
Inventors
Sung, Yune-Gie, Kim, Woo-Han, Sim, Won-Tae

Application Number

US11/941,209
Publication Number

US 20090099885A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

METHOD FOR RISK ANALYSIS USING INFORMATION ASSET MODELLING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR RISK ANALYSIS USING INFORMATION ASSET MODELLING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links