COMPUTER SECURITY METHOD, SYSTEM AND MODEL
Abstract
A computer security method includes receiving a security alert associated with an electronic attack to at least one computer system of a data network, identifying a first set of business services which may be affected by the electronic attack, estimating, based on an identified first set of potentially affected business services, a first potential cost to a business when the electronic attack is successful, identifying at least one counteraction which may be employed to prevent or mitigate the electronic attack, identifying a second set of business services which may be affected by the at least one counteraction, estimating, based on the identified second set of potentially affected business services, a second potential cost to the business when the counteraction is employed, and comparing the first potential cost and the second potential cost.
15 Claims
1. A computer security method, comprising:
receiving a security alert associated with an electronic attack to at least one computer system of a data network;
identifying a first set of business services which may be affected by the electronic attack;
estimating, based on an identified first set of potentially affected business services, a first potential cost to a business when the electronic attack is successful;
identifying at least one counteraction which may be employed to prevent or mitigate the electronic attack;
identifying a second set of business services which may be affected by the at least one counteraction;
estimating, based on the identified second set of potentially affected business services, a second potential cost to the business when the counteraction is employed; and
comparing the first potential cost and the second potential cost.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer security system, comprising:
a resource model that associates business services provided by at least one data network with resources of the at least one data network;
a business impact model that provides estimates of monetary cost caused by disturbances of each one of the business services;
a security alert module that maps a received security alert associated with an electronic attack to at least one resource of the at least one data network targeted by the electronic attack; and
a defense system that provides possible counteractions to a received security alert, wherein the defense system selects at least one counteraction based on the estimated cost of employing the at least one counteraction provided by the business impact model.
Dependent claims: 12, 13
14. A computer security model for use in a software product for assessing a business impact of an electronic attack, the model comprising:
alerts associated with an electronic attack for assessing a received security alert;
targets associated with resources of at least one data network for mapping a received security alert to at least one resource;
counteractions associated with at least one of an alert and a target for preventing or mitigating the electronic attack; and
business impacts associated with at least one of a target and a counteraction for providing an estimated cost on a business service of a successful attack or employed counteraction, respectively.
Dependent claims: 15
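The comparison recited in claims 1 and 11, sketched as an added example that is not code from the patent. The resource names, cost figures, counteractions and the rule "act only when the counteraction is cheaper than the attack" are constructed assumptions.

```python
from dataclasses import dataclass

# Resource model (constructed sample): business service -> resources it needs.
RESOURCE_MODEL = {
    "web-shop": {"web-01", "db-01"},
    "invoicing": {"db-01", "erp-01"},
    "email": {"mail-01"},
}
# Business impact model (constructed sample): estimated cost of a disturbance.
IMPACT_MODEL = {"web-shop": 50_000, "invoicing": 8_000, "email": 2_000}

@dataclass(frozen=True)
class Counteraction:
    name: str
    disrupted: frozenset  # resources the counteraction itself takes out of service

def affected_services(resources):
    """Services that depend on at least one of the given resources."""
    hit = set(resources)
    return sorted(s for s, deps in RESOURCE_MODEL.items() if deps & hit)

def estimate_cost(services):
    return sum(IMPACT_MODEL[s] for s in services)

def assess(alert_targets, counteractions):
    """Compare the cost of a successful attack with each counteraction's cost."""
    attack_services = affected_services(alert_targets)
    attack_cost = estimate_cost(attack_services)
    options = sorted(
        (estimate_cost(affected_services(c.disrupted)), c.name)
        for c in counteractions
    )
    # Assumed decision rule: recommend the cheapest counteraction only if it
    # costs less than the attack it prevents; otherwise recommend none.
    cheapest = options[0] if options else None
    recommended = cheapest[1] if cheapest and cheapest[0] < attack_cost else None
    return {"attack_services": attack_services, "attack_cost": attack_cost,
            "options": options, "recommended": recommended}

ISOLATE_DB = Counteraction("isolate-db-01", frozenset({"db-01"}))
CUT_ERP = Counteraction("block-erp-01-link", frozenset({"erp-01"}))
SEGMENT_OFF = Counteraction("shut-down-segment", frozenset({"mail-01", "db-01"}))

if __name__ == "__main__":
    print(assess(["db-01"], [ISOLATE_DB, CUT_ERP]))   # cheaper option exists
    print(assess(["mail-01"], [SEGMENT_OFF]))         # counteraction costs more
```

The second call shows the case the claims are built around: a counteraction that disturbs more business services than the attack itself is not recommended.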
Specification