METHOD AND TOOL FOR INFORMATION SECURITY ASSESSMENT THAT INTEGRATES ENTERPRISE OBJECTIVES WITH VULNERABILITIES
First Claim
1. A method to assess information security vulnerability of an enterprise comprising:
storing enterprise objectives in a computer system;
storing enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system;
storing enterprise information assets in the computer system;
mapping the enterprise objectives with the enterprise resources;
mapping the enterprise information assets with the enterprise resources;
determining a threat analysis using an attack tree using the enterprise resources and the information assets; and
determining a risk value using the attack tree.
Abstract
In one aspect, a method to assess information security vulnerability of an enterprise includes storing enterprise objectives in a computer system, storing enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system and storing enterprise information assets in the computer system. The method also includes mapping the enterprise objectives with the enterprise resources and mapping the enterprise information assets with the enterprise resources. The method further includes determining a threat analysis using an attack tree using the enterprise resources and the information assets and determining a risk value using the attack tree.
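The steps in the abstract can be modelled end to end, as in the following added illustration (not taken from the patent). The gate semantics (independent events, AND as a product, OR as the complement of a product), the impact-times-likelihood risk formula, and every name and sample value are assumptions; the page does not say how the risk value is derived from the attack tree.

```python
from dataclasses import dataclass, field
from math import prod

VRIN = ("value", "rareness", "inimitability", "non_substitutability")

@dataclass
class Node:
    """Attack-tree node: a LEAF carries a likelihood, AND/OR gates combine children."""
    name: str
    gate: str = "LEAF"
    likelihood: float = 0.0
    children: list = field(default_factory=list)

def tree_likelihood(node):
    # Assumed semantics: independent events; AND needs every child, OR needs any child.
    if node.gate == "LEAF":
        return node.likelihood
    probs = [tree_likelihood(c) for c in node.children]
    if node.gate == "AND":
        return prod(probs)
    if node.gate == "OR":
        return 1 - prod(1 - p for p in probs)
    raise ValueError(f"unknown gate {node.gate!r} on {node.name!r}")

def assess(objectives, resources, asset_map, trees):
    """Return {resource: risk} for resources that meet all four criteria."""
    risks = {}
    for name, res in resources.items():
        if not all(res["criteria"].get(c) for c in VRIN):
            continue  # fails a criterion, so it is not kept as an enterprise resource
        impact = sum(objectives[o] for o in res["objectives"])     # objective -> resource map
        mapped = [a for a, rs in asset_map.items() if name in rs]  # asset -> resource map
        p = 1 - prod(1 - tree_likelihood(trees[a]) for a in mapped)
        risks[name] = round(impact * p, 4)  # assumed formula: impact x likelihood
    return risks

# Constructed sample data (objective weights and leaf likelihoods are made up).
OBJECTIVES = {"retain customers": 5, "regulatory compliance": 3}
RESOURCES = {
    "customer analytics capability": {"criteria": dict.fromkeys(VRIN, True),
                                      "objectives": ["retain customers", "regulatory compliance"]},
    "office printers": {"criteria": {"value": True}, "objectives": ["retain customers"]},
}
ASSET_MAP = {"customer database": ["customer analytics capability"],
             "reporting server": ["customer analytics capability"]}
TREES = {
    "customer database": Node("read customer records", "OR", children=[
        Node("stolen admin credential", likelihood=0.2),
        Node("reach database from outside", "AND", children=[
            Node("unpatched exposed service", likelihood=0.5),
            Node("flat internal network", likelihood=0.4)])]),
    "reporting server": Node("tamper with reports", likelihood=0.1),
}
RISKS = assess(OBJECTIVES, RESOURCES, ASSET_MAP, TREES)
```

The resource that fails a criterion is filtered out before any tree is evaluated, so the risk ranking covers only resources that passed all four tests.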
28 Citations
20 Claims
1. A method to assess information security vulnerability of an enterprise comprising:
storing enterprise objectives in a computer system;
storing enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system;
storing enterprise information assets in the computer system;
mapping the enterprise objectives with the enterprise resources;
mapping the enterprise information assets with the enterprise resources;
determining a threat analysis using an attack tree using the enterprise resources and the information assets; and
determining a risk value using the attack tree.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An article comprising:
a machine-readable medium that stores executable instructions to assess information security vulnerability of an enterprise, the instructions causing a machine to:
store enterprise objectives in a computer system;
store enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system;
store enterprise information assets in the computer system;
map the enterprise objectives with the enterprise resources;
map the enterprise information assets with the enterprise resources;
determine a threat analysis using an attack tree using the enterprise resources and the information assets; and
determine a risk value using the attack tree.
Dependent claims: 13, 14, 15, 16

17. An apparatus to assess information security vulnerability of an enterprise, comprising:
circuitry to:
store enterprise objectives in a computer system;
store enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system;
store enterprise information assets in the computer system;
map the enterprise objectives with the enterprise resources;
map the enterprise information assets with the enterprise resources;
determine a threat analysis using an attack tree using the enterprise resources and the information assets; and
determine a risk value using the attack tree.
Dependent claims: 18, 19, 20
Specification