BUSINESS SERVICES RISK MANAGEMENT
First Claim
1. A method, comprising:
- receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification;
based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and
scoring the business service based on the activity level values, the vulnerability values, and the business service risk values;
wherein the receiving, the determining, and the scoring are performed by a |computer|[Al].
2 Assignments
0 Petitions
Accused Products
Abstract
A business service model includes a description of a topology of interconnections between configuration items that implement a business service. Each of the configuration items is associated with a respective vulnerability score and a respective type classification. Based on the vulnerability scores and the type classifications, the following values are determined for each of the configuration items: a respective activity level value indicating a probability of the configuration item being active in the business process, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business process, and a respective business process risk value indicating a probability of a failure of the business process resulting from damage of the configuration item. The business process is scored based on the activity level values, the vulnerability values, and the business process risk values.
43 Citations
20 Claims
-
1. A method, comprising:
-
receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification; based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and scoring the business service based on the activity level values, the vulnerability values, and the business service risk values; wherein the receiving, the determining, and the scoring are performed by a |computer|[Al]. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. At least one computer-readable medium having computer-readable program code embodied therein, the computer-readable program code adapted to be executed by a computer to implement a method comprising:
-
receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification; based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and scoring the business service based on the activity level values, the vulnerability values, and the business service risk values. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. Apparatus, comprising:
-
a computer-readable medium storing computer-readable instructions; and a processor coupled to the computer-readable medium, operable to execute the instructions, and based at least in part on the execution of the instructions operable to perform operations comprising receiving a business service model comprising a description of a topology of interconnections between configuration items that implement a business service, wherein each of the configuration items is associated with a respective vulnerability score and a respective type classification; based on the vulnerability scores and the type classifications, determining for each of the configuration items a respective activity level value indicating a probability of the configuration item being active in the business service, a respective vulnerability probability value indicating a probability of the configuration items being compromised and damaged in the business service, and a respective business service risk value indicating a probability of a failure of the business service resulting from damage of the configuration item; and scoring the business service based on the activity level values, the vulnerability values, and the business service risk values. - View Dependent Claims (17, 18, 19, 20)
-
Specification