Assessing Threat to at Least One Computer Network
First Claim
1. Apparatus for assessing and valuing computer network threats, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems and a plurality of business processes operating on the plurality of IT systems, the apparatus comprising at least one processor and a memory coupled to the processor, the memory storing instructions executable by the processor that cause the processor to:
- predict future threat activity based on past observed threat activity including, at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
determine expected downtime of each system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
determine the financial loss for each of the plurality of business processes dependent on the downtimes of the IT systems, and;
add the financial losses for the plurality of business processes so as to obtain a combined financial loss arising from the threat activity.
0 Assignments
0 Petitions
Accused Products
Abstract
Apparatus for assessing threat to at least one computer network in which a plurality of systems (301, 302, 303, 304, 305, . . . 30n) operate is configured to determine predicted threat activity (13), to determine expected downtime of each system in dependence upon said predicted threat activity, to determine loss (12A, 12B, 12C, 12D, 12E, . . . , 12m) for each of a plurality of operational processes (31A, 31B, 31C, 31D, 31E, . . . 31m dependent on the downtimes of the systems, to add losses for the plurality of processes so as to obtain a combined loss (12SUM) arising from the threat activity.
-
Citations
16 Claims
-
1. Apparatus for assessing and valuing computer network threats, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems and a plurality of business processes operating on the plurality of IT systems, the apparatus comprising at least one processor and a memory coupled to the processor, the memory storing instructions executable by the processor that cause the processor to:
-
predict future threat activity based on past observed threat activity including, at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target; determine expected downtime of each system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency; determine the financial loss for each of the plurality of business processes dependent on the downtimes of the IT systems, and; add the financial losses for the plurality of business processes so as to obtain a combined financial loss arising from the threat activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of assessing and valuing computer network threats, the threats including at least one electronic threat, the network comprising a plurality of IT systems wherein a plurality of business processes operate on the plurality of IT systems the method comprising, by using at least one computer processor:
-
predicting threat activity based on past observed activity including, for at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target; determining expected downtime of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency; determining the financial loss for the plurality of business processes dependent on the downtimes of the IT systems; adding the financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity. - View Dependent Claims (14, 15)
-
-
16. A non-transitory computer readable medium storing a computer program which when executed by a computer system, causes the computer system to perform a method of assessing and valuing computer network threats, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems wherein a plurality of business processes operate on the plurality of IT systems, the method comprising:
-
predicting threat activity based on past observed activity including, at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target; determining expected downtime of each of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency; determining the financial loss for the plurality of business processes dependent on the downtimes of the IT systems; adding the financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.
-
Specification