Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network

US 20160197953A1
Filed: 02/01/2016
Published: 07/07/2016
Est. Priority Date: 12/22/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to predict, for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity using a Monte Carlo method based on stochastic modeling of past observed threat events, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses,wherein the one or more computer processors are configured, for a given threat, to model a set of past observed threat events to obtain an estimate of at least one model parameter, and, in a Monte Carlo simulation of a given threat,to predict future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, andto predict a distribution of future threat events by repeating the simulation using a plurality of variables.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and method for assessing financial loss posed by cyber threats capable of affecting at least one computer network in which a plurality of systems operate based on statistical modelling of cyber threat events to determine predicted threat activity, to determine expected downtime of each system in dependence upon said predicted cyber threat activity, to determine financial loss for each of a plurality of operational processes dependent upon the downtimes of the systems, to add financial losses for the plurality of processes so as to obtain a combined financial loss arising from the cyber threat activity, to determine pricing of insurance, to determine cost benefit analysis of computer network security upgrades.

Citations

18 Claims

1. An apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to predict, for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity using a Monte Carlo method based on stochastic modeling of past observed threat events, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses,wherein the one or more computer processors are configured, for a given threat, to model a set of past observed threat events to obtain an estimate of at least one model parameter, and, in a Monte Carlo simulation of a given threat,to predict future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, andto predict a distribution of future threat events by repeating the simulation using a plurality of variables.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus according to claim 1, wherein the apparatus is further configured to determine expected downtime of each of said systems in dependence upon said predicted future threat activity and to determine financial loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add financial losses for said plurality of processes so as to obtain a combined financial loss arising from the predicted future threat activity.
  - 3. The apparatus according to claim 1, wherein the apparatus is configured to model a set of past observed threat events so as to obtain at least one model parameter, wherein at least one model parameter includes at least one parameter indicating goodness of fit of the model, usingregression, weighted regression, linear regression, exponential regression, at least two different models, andto obtain at least two different sets of model parameters.
  - 4. The apparatus according to claim 1, comprising a user interface which is configured to;
    - present at least one model parameter to a userpresent an outcome of stochastic modeling to a user, and todisplay at least one of the financial losses and the combined financial loss on a display device.
  - 5. The apparatus according to claim 1, further comprising a user interface which is configured to present alist of a plurality of risk mitigation measurescorresponding value of the reduction in financial loss associated with implementing the measureresidual value at riskcost of implementing the risk mitigation action, and
    - the ratio of the reduction and implementation cost on a display device.
  - 6. The apparatus according to claim 1, wherein the apparatus is configured to:
    - predict future threat events using at least one model parameter anda stochastic model using said at least one model parameter randomly draw at least one variable according to a predefined distribution anduse said at least one variable in the stochastic modelpredict a distribution of future threat events using a Monte Carlo method by repeating a simulation, andallow for parameter uncertainty.
  - 7. The apparatus according to claim 1, wherein the apparatus is configured to store at least one of the financial losses and the combined financial loss in a storage device.
  - 8. The apparatus according to claim 1, wherein loss is expressed as:
    - value at riskexpected financial loss, anda priori insurance risk premium value
  - 9. The apparatus according to claim 1, wherein the apparatus is configured to retrieve a list of past observed threatsto determine the predicted future threat activity based upon the list of past observed threats, andto output the predicted future threat activity to a firewall.
  - 10. The apparatus according to claim 1, wherein the past observed list of threats includes, for each threat information, identifying at least one system, andfrequency of occurrence of the threat.
  - 11. The apparatus according to claim 1, wherein the frequency of occurrence of the past observed threat includes at least one period of time, andcorresponding frequency of occurrence for the at least one period of time.
  - 12. The apparatus according to claim 1, wherein the one or more processors is configured pursuant to programming code to provide at least two modules includinga first module configured to predict future threat activity using a Monte Carlo method, andto output the predicted future threat activity to a second module.

13. A computer-implemented method, the method being performed by a computer system having one or more computer processors and a computer readable memory in which programming code is stored, whereupon execution of the programming code by one or more computer processors the computer system performs operations comprising:
- predicting, for each of a plurality of threats, future threat activity using a Monte Carlo method based on stochastic modeling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses;
  
  wherein for each given threat the method comprises;
  
  modeling a set of past observed threat events to obtain an estimate of at least one model parameter;
  
  performing a Monte Carlo simulation of the given threat by;
  
  predicting future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and
  
  predicting a distribution of future threat events by repeating the simulation using a plurality of variables.
- View Dependent Claims (14, 15, 17)
- - 14. The method according to claim 13, further comprisingdetermining expected downtime of each system in dependence upon said predicted future threat activitydetermining financial loss for each of a plurality of operational processes dependent on the downtimes of the systemsadding losses for the plurality of processes to obtain a combined financial loss arising from the future threat activity.
  - 15. The method according to claim 13, wherein the predicting threat activity based on stochastic modeling of past observed threat events includesmodeling a set of past observed threat events so as to obtain at least one model parameter, andpredicting future threat events using at least one model parameter and a stochastic model using said at least one model parameter.
  - 17. The method of claim 13, in which the computer system includes at least two modules, wherein the method further comprises:
    - using a first module to predict future threat activity and to output the predicted future threat activity to a second module.

16. A computer readable medium having a computer program thereon, which when executed by a computer system having one or more computer processors and a computer readable memory, causes the computer system to predict, for each of a plurality of threats, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruseswherein execution of the computer program causes the computer system to perform, for each given threat, steps comprising:
- modeling a set of past observed threat events to obtain an estimate of at least one model parameter;
  
  performing a Monte Carlo simulation of the given threat by;
  
  predicting future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, andpredicting a distribution of future threat events by repeating the simulation using a plurality of variables.
- View Dependent Claims (18)
- - 18. The computer readable medium of claim 16, wherein the computer program, when executed by the computer system, causes the computer system to include at least two modules including a first module configured to predict future threat activity and to output the predicted future threat activity to a second module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phillip King-Wilson
Original Assignee
Phillip King-Wilson
Inventors
King-Wilson, Phillip

Granted Patent

US 9,762,605 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 40/08 Insurance

H04L 63/1433 Vulnerability analysis

Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links