METHOD AND SYSTEM FOR ANALYZING RISK
Abstract
The present invention provides a method, system and computer program product for analyzing risks, for example associated with potential data leakage. Risk for activities may be measured as a function of risk components related to: persons involved in the activity; sensitivity of data at risk; endpoint receiving data at risk; and type of the activity. Risk may account for the probability of a leakage event given an activity as well as a risk cost which reflects the above risk components. Manually and/or automatically tuned parameters may be used to affect the risk calculation. Risk associated with persons and/or files may be obtained by: initializing risk scores of persons or files based on a rule set; adjusting the risk scores in response to ongoing monitoring of events; identifying commonalities across persons or files; and propagating risk scores based on the commonalities.
24 Claims
1. A method for measuring risk associated with a behavioural activity, the method comprising:
a) determining a first risk component associated with one or more persons involved in performing the activity;
b) determining a second risk component associated with sensitivity of one or more assets comprising data associated with the risk;
c) determining a third risk component associated with an endpoint which receives said one or more assets due to the activity;
d) determining a fourth risk component associated with a type of the activity; and
e) measuring the risk as a function of at least one of the first risk component, the second risk component, the third risk component, and the fourth risk component.
(Dependent claims: 2, 3, 4)

5. A method for measuring risk associated with a behavioural activity, the method comprising:
a) obtaining one or more probabilities, each probability associated with a respective potential undesired event and each probability being a conditional probability given the observed activity;
b) optionally adjusting each of said probabilities by multiplication with a respective probability weighting factor;
c) for each potential undesired event, obtaining one or more entity costs, each entity cost representative of a contribution to said risk associated with a given type of entity associated with the activity;
d) for each potential undesired event, determining a resultant cost as a function of said entity costs; and
e) measuring the risk as an expectation over the one or more resultant costs distributed over the associated probabilities of potential undesired events.
(Dependent claims: 6, 7, 8, 9, 10, 11, 12, 13, 14)

15. A method for measuring risk associated with data files within a population, the method comprising:
a) initializing risk scores of the data files based on a rule set;
b) adjusting the risk scores in response to ongoing interaction with the data files;
c) identifying commonalities across data files; and
d) at least partially propagating risk scores between data files based on said identified commonalities.
(Dependent claims: 16, 17, 18, 19, 20)

21. A method for measuring risk associated with persons within a population, the method comprising:
a) initializing risk scores of said persons based on a rule set;
b) adjusting the risk scores in response to ongoing monitoring of events associated with activities of said persons;
c) identifying commonalities across said persons within the population; and
d) at least partially propagating risk scores between said persons based on said identified commonalities.
(Dependent claims: 22, 23, 24)
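The four steps of claim 15 (mirrored for persons in claim 21) can be followed on a small file population. The following is an added example, not code from the patent or its applicants. The rule weights, event adjustments, Jaccard keyword overlap as the commonality measure, and the threshold and damping values are all assumptions, since the claims leave them unspecified.

```python
# Added illustration of claim 15's steps a)-d); rule weights, event deltas,
# Jaccard similarity, threshold and damping are assumptions, not from the patent.

FILES = {  # constructed sample population: file -> content keywords
    "payroll_2023.xlsx": {"salary", "ssn", "employee", "q4"},
    "payroll_copy.xlsx": {"salary", "employee", "q4", "backup"},
    "lunch_menu.txt": {"menu", "cafeteria"},
}
RULES = {"ssn": 60, "salary": 30}            # hypothetical rule set (0-100 scale)
EVENT_DELTA = {"uploaded_external": 10}      # hypothetical monitoring adjustments
EVENTS = [("payroll_2023.xlsx", "uploaded_external")]  # constructed event log

def initialize(files, rules):
    """a) Initial score: capped sum of the weights of matching rules."""
    return {name: min(100, sum(w for kw, w in rules.items() if kw in words))
            for name, words in files.items()}

def adjust(scores, events, deltas):
    """b) Raise a file's score for each monitored interaction with it."""
    out = dict(scores)
    for name, event in events:
        out[name] = min(100, out[name] + deltas.get(event, 0))
    return out

def jaccard(a, b):
    """c) Commonality between two files, as keyword-set overlap in [0, 1]."""
    return len(a & b) / len(a | b) if (a | b) else 0.0

def propagate(scores, files, threshold=0.5, damping=0.5):
    """d) Partially pull a file's score up toward each similar, riskier file."""
    out = dict(scores)
    for a in files:
        for b in files:
            sim = jaccard(files[a], files[b])
            if a != b and sim >= threshold and scores[b] > scores[a]:
                out[a] = max(out[a], scores[a] + damping * sim * (scores[b] - scores[a]))
    return out

def run():
    scores = initialize(FILES, RULES)
    scores = adjust(scores, EVENTS, EVENT_DELTA)
    return propagate(scores, FILES)

if __name__ == "__main__":
    for name, score in run().items():
        print(f"{name}: {score:.0f}")
```

The copy that the rule set under-scores (no "ssn" keyword) inherits part of the original's score through its 0.6 keyword overlap, while the unrelated file stays at zero.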
Specification