BUSINESS SERVICES RISK MANAGEMENT

US 20110125548A1
Filed: 11/25/2009
Published: 05/26/2011
Est. Priority Date: 11/25/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification;

based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and

scoring the business service based on the activity level values, the vulnerability values, and the business service risk values;

wherein the receiving, the determining, and the scoring are performed by a |computer|_[Al].

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A business service model includes a description of a topology of interconnections between configuration items that implement a business service. Each of the configuration items is associated with a respective vulnerability score and a respective type classification. Based on the vulnerability scores and the type classifications, the following values are determined for each of the configuration items: a respective activity level value indicating a probability of the configuration item being active in the business process, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business process, and a respective business process risk value indicating a probability of a failure of the business process resulting from damage of the configuration item. The business process is scored based on the activity level values, the vulnerability values, and the business process risk values.

43 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification;
  
  based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and
  
  scoring the business service based on the activity level values, the vulnerability values, and the business service risk values;
  
  wherein the receiving, the determining, and the scoring are performed by a |computer|_[Al].
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the scoring comprises deriving from the activity level values, the vulnerability values, and the business service risk values a risk score indicating a probability of the business service being damaged.
  - 3. The method of claim 1, wherein the scoring comprises evaluating a function R( ) given by:
  - 4. The method of claim 1, wherein the determining comprises ascertaining the respective activity level of each of the configuration items based on the type classifications of the configuration items and the topology of interconnections between the configuration items.
  - 5. The method of claim 4, wherein the ascertaining comprises ascertaining the respective activity level of each given one of the configuration items based on a respective count of the configuration items that are connected directly to the given configuration item, the classification types of the configuration items that are connected directly to the given configuration item, and the topology of interconnections between all the configuration items.
  - 6. The method of claim 1, wherein the determining comprises determining the respective vulnerability probability value of each of the configuration items based on a mapping of the respective vulnerability score of the configuration item to the respective vulnerability probability value.
  - 7. The method of claim 1, wherein the determining comprises determining the respective business service risk value based on a mapping of the respective classification type of the configuration item to the respective business service risk value.
  - 8. The method of claim 1, wherein the scoring comprises ascertaining a score for the business service based on a function that maps the type classifications of the configuration items and the topology of interconnections between the configuration items to the score, and further comprising ranking the configuration items in accordance with their respective contributions to the score of the business service.
  - 9. The method of claim 8, wherein the ranking comprises determining for each of the configuration items a respective value of a gradient of the function with respect to the respective vulnerabilities of the configuration items, and the ranking the configuration items based on the respective gradient function values.

10. At least one computer-readable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed by a computer to implement a method comprising:
- receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification;
  
  based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and
  
  scoring the business service based on the activity level values, the vulnerability values, and the business service risk values.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The at least one computer-readable medium of claim 10, wherein the scoring comprises evaluating a function R( ) given by:
  - 12. The at least one computer-readable medium of claim 10, wherein the determining comprises ascertaining the respective activity level of each of the configuration items based on the type classifications of the configuration items and the topology of interconnections between the configuration items.
  - 13. The method of claim 12, wherein the ascertaining comprises ascertaining the respective activity level of each given one of the configuration items based on a respective count of the configuration items that are connected directly to the given configuration item, the classification types of the configuration items that are connected directly to the given configuration item, and the topology of interconnections between all the configuration items.
  - 14. The at least one computer-readable medium of claim 10, wherein the scoring comprises ascertaining a score for the business service based on a function that maps the type classifications of the configuration items and the topology of interconnections between the configuration items to the score, and further comprising ranking the configuration items in accordance with their respective contributions to the score of the business service.
  - 15. The at least one computer-readable medium of claim 14, wherein the ranking comprises determining for each of the configuration items a respective value of a gradient of the function with respect to the respective vulnerabilities of the configuration items, and the ranking the configuration items based on the respective gradient function values.

16. Apparatus, comprising:
- a computer-readable medium storing computer-readable instructions; and
  
  a processor coupled to the computer-readable medium, operable to execute the instructions, and based at least in part on the execution of the instructions operable to perform operations comprisingreceiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification;
  
  based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and
  
  scoring the business service based on the activity level values, the vulnerability values, and the business service risk values.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16, wherein in the scoring the processor is operable to perform operations comprising evaluating a function R( ) given by:
  - 18. The apparatus of claim 16, wherein in the determining the processor is operable to perform operations comprising ascertaining the respective activity level of each given one of the configuration items based on a respective count of the configuration items that are connected directly to the given configuration item, the classification types of the configuration items that are connected directly to the given configuration item, and the topology of interconnections between all the configuration items.
  - 19. The apparatus of claim 16, wherein in the scoring the processor is operable to perform operations comprising ascertaining a score for the business service based on a function that maps the type classifications of the configuration items and the topology of interconnections between the configuration items to the score, and further comprising ranking the configuration items in accordance with their respective contributions to the score of the business service.
  - 20. The apparatus of claim 19, wherein in the ranking the processor is operable to perform operations comprising determining for each of the configuration items a respective value of a gradient of the function with respect to the respective vulnerabilities of the configuration items, and the ranking the configuration items based on the respective gradient function values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Levi, Eliav, Aharon, Michal, Kogan, Hadas

Application Number

US12/625,780
Publication Number

US 20110125548A1
Time in Patent Office

Days
Field of Search
US Class Current

705/7.28
CPC Class Codes

G06Q 10/04   Forecasting or optimisation...

G06Q 10/06   Resources, workflows, human...

G06Q 10/0635   Risk analysis of enterprise...

BUSINESS SERVICES RISK MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

BUSINESS SERVICES RISK MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links