ASSESSING SCENARIO-BASED RISKS
First Claim
1. A computer-implemented method for managing risks of a business enterprise, the method comprising:
- identifying, with a computer system, a threat to a business enterprise;
- identifying, with the computer system, based on the threat, a plurality of business enterprise assets and associated impacts;
- determining, with the computer system, a plurality of threat scenarios, each threat scenario comprising a minimum and a maximum qualitative probability and a minimum and a maximum qualitative impact;
- converting, with the computer system, the minimum and the maximum qualitative probability and the minimum and the maximum qualitative impact of each of the plurality of scenarios to a minimum and a maximum quantitative probability and a minimum and a maximum quantitative impact based on a risk matrix;
- determining, with the computer system, a quantitative probability and a quantitative impact by generating random numbers within intervals defined by the minimum and the maximum quantitative probability and the minimum and the maximum quantitative impact;
- adjusting, with the computer system, one of the quantitative probability and the quantitative impact based on a threat occurrence;
- determining, with the computer system, with a simulation model, a quantitative risk of the identified threat based on the quantitative probability and the quantitative impact; and
- preparing, with the computer system, an output comprising the determined quantitative risk of the identified threat for display on a graphical user interface of a computing device.
Abstract
Techniques for managing risks of a business enterprise include identifying a threat to a business enterprise; identifying, based on the threat, a plurality of business enterprise assets and associated impacts; determining a plurality of threat scenarios, each threat scenario including a qualitative probability and a qualitative impact; assigning a quantitative probability and a quantitative impact to each of the plurality of scenarios based on an evaluation of the qualitative probability and the qualitative impact in a risk matrix; determining, with a simulation model, a quantitative risk of the identified threat based on the assigned quantitative probability and quantitative impact; and preparing an output including the determined quantitative risk of the identified threat for display.
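The steps of the first claim and the abstract, sketched as an added example (not code from the patent or its applicant). The risk-matrix levels and intervals, the sample scenarios, and the reading of "adjusting ... based on a threat occurrence" as zeroing the impact in trials where the threat does not occur are all assumptions; the page specifies none of them.

```python
import random
from dataclasses import dataclass

# Assumed risk matrix: the page does not give levels or interval values.
PROBABILITY = {"rare": (0.0, 0.05), "unlikely": (0.05, 0.2),
               "possible": (0.2, 0.5), "likely": (0.5, 0.8),
               "almost certain": (0.8, 1.0)}
IMPACT = {"minor": (0, 10_000), "moderate": (10_000, 100_000),
          "major": (100_000, 1_000_000), "severe": (1_000_000, 10_000_000)}

@dataclass(frozen=True)
class Scenario:
    name: str
    prob_min: str
    prob_max: str
    impact_min: str
    impact_max: str

def to_interval(matrix, low_level, high_level):
    """Convert a qualitative min/max pair to one quantitative interval."""
    if matrix[low_level][0] > matrix[high_level][0]:
        raise ValueError(f"{low_level!r} ranks above {high_level!r}")
    return matrix[low_level][0], matrix[high_level][1]

def simulate(scenarios, trials=20_000, seed=1):
    """Monte Carlo run: return (mean, 95th percentile) of total loss per trial."""
    rng = random.Random(seed)
    bounds = [(to_interval(PROBABILITY, s.prob_min, s.prob_max),
               to_interval(IMPACT, s.impact_min, s.impact_max)) for s in scenarios]
    losses = []
    for _ in range(trials):
        total = 0.0
        for (p_lo, p_hi), (i_lo, i_hi) in bounds:
            prob = rng.uniform(p_lo, p_hi)    # random number inside the interval
            impact = rng.uniform(i_lo, i_hi)
            # Assumed reading of "threat occurrence": the impact counts only
            # if the threat occurs in this trial; otherwise it is set to 0.
            if rng.random() >= prob:
                impact = 0.0
            total += impact
        losses.append(total)
    losses.sort()
    return sum(losses) / trials, losses[int(0.95 * trials) - 1]

# Constructed sample scenarios for a single identified threat.
SAMPLE = [Scenario("ransomware on file servers", "unlikely", "possible", "moderate", "major"),
          Scenario("credential phishing", "possible", "likely", "minor", "moderate")]
```

Reporting a tail percentile next to the mean shows how wide qualitative ranges translate into spread in the quantitative risk, which a single matrix cell cannot express.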
24 Claims
1. A computer-implemented method for managing risks of a business enterprise (full text under First Claim). Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory, tangible computer storage medium encoded with a computer program, the program comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising:
- identifying a threat to a business enterprise;
- identifying, based on the threat, a plurality of business enterprise assets and associated impacts;
- determining a plurality of threat scenarios, each threat scenario comprising a minimum and a maximum qualitative probability and a minimum and a maximum qualitative impact;
- converting the minimum and the maximum qualitative probability and the minimum and the maximum qualitative impact of each of the plurality of scenarios to a minimum and a maximum quantitative probability and a minimum and a maximum quantitative impact based on a risk matrix;
- determining a quantitative probability and a quantitative impact by generating random numbers within intervals defined by the minimum and the maximum quantitative probability and the minimum and the maximum quantitative impact;
- adjusting one of the quantitative probability and the quantitative impact based on a threat occurrence;
- determining, with a simulation model, a quantitative risk of the identified threat based on the quantitative probability and the quantitative impact; and
- preparing an output comprising the determined quantitative risk of the identified threat for display on a graphical user interface of a computing device.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system of one or more computers configured to perform operations comprising:
- identifying, with the system, a threat to a business enterprise;
- identifying, with the system, based on the threat, a plurality of business enterprise assets and associated impacts;
- determining, with the system, a plurality of threat scenarios, each threat scenario comprising a minimum and a maximum qualitative probability and a minimum and a maximum qualitative impact;
- converting, with the system, the minimum and the maximum qualitative probability and the minimum and the maximum qualitative impact of each of the plurality of scenarios to a minimum and a maximum quantitative probability and a minimum and a maximum quantitative impact based on a risk matrix;
- determining, with the system, a quantitative probability and a quantitative impact by generating random numbers within intervals defined by the minimum and the maximum quantitative probability and the minimum and the maximum quantitative impact;
- adjusting, with the system, one of the quantitative probability and the quantitative impact based on a threat occurrence;
- determining, with the system, with a simulation model, a quantitative risk of the identified threat based on the quantitative probability and the quantitative impact; and
- preparing, with the system, an output comprising the determined quantitative risk of the identified threat for display on a graphical user interface of a computing device.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification