Disaster Scenario Based Inferential Analysis Using Feedback for Extracting and Combining Cyber Risk Information
First Claim
Patent Images
1. A method, comprising:
- assessing risk of an entity, using a computer agent configured to collect information from at least publicly accessible Internet elements, wherein the assessing of risk comprises;
generating a disaster scenario that comprises elements of a disaster event;
modeling the disaster scenario against a profile of the entity; and
determining theoretical damage based on the modeling; and
automatically recommending, based on the assessed risk, changes to reduce the assessed risk to mitigate the theoretical damage.
4 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments of the present technology include methods of assessing risk of a cyber security failure in a computer network of an entity. Some embodiments include generating a disaster scenario that includes elements of a disaster event, modeling the disaster scenario against a profile of the computer network and the entity, determining theoretical damage based on the modeling, and updating a cyber security policy or a network change to mitigate the theoretical damage.
-
Citations
23 Claims
-
1. A method, comprising:
-
assessing risk of an entity, using a computer agent configured to collect information from at least publicly accessible Internet elements, wherein the assessing of risk comprises; generating a disaster scenario that comprises elements of a disaster event; modeling the disaster scenario against a profile of the entity; and determining theoretical damage based on the modeling; and automatically recommending, based on the assessed risk, changes to reduce the assessed risk to mitigate the theoretical damage. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method, comprising:
assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least publicly accessible Internet elements, wherein the assessing of risk comprises; generating a disaster scenario that comprises elements of a disaster event; modeling the disaster scenario against a profile of the computer network and the entity; determining theoretical damage based on the modeling; and updating a cyber security policy or a network change to mitigate the theoretical damage. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
21. A system, comprising:
-
a processor; and a memory communicatively coupled with the processor, the memory storing instructions, which when executed by the processor, perform a method comprising; assessing risk of a cyber security failure in a computer network of an entity, using a computer agent configured to collect information from at least publicly accessible Internet elements, wherein the assessing of risk comprises; evaluating the collected information to obtain circumstantial or indirect information regarding the entity, the circumstantial or indirect information having an impact on the risk but the circumstantial or indirect information not specifically referencing the entity; cross referencing data in the collected information to confirm or infer that the entity is referenced in the circumstantial or indirect information that is indicative of the entity being referenced in the circumstantial or indirect information; and at least one of increasing and decreasing the assessed risk if the circumstantial or indirect information is negative or positive; automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy; automatically recommending, based on the assessed risk, computer network changes to reduce the assessed risk; providing one or more recommended computer network changes to reduce the assessed risk, enactment by the entity of at least one of the one or more recommended computer network changes to reduce the assessed risk to the entity; in response to determining that the entity has enacted at least a portion of the one or more recommended computer network changes, automatically reassessing the risk of a cyber security failure in the computer network of the entity based on the enacted recommended computer network changes; dynamically re-determining, based on the reassessed risk of a cyber security failure in the computer network of the entity, the change or the setting to the at least one element of policy criteria of the cyber security policy; generating a disaster scenario that comprises elements of a disaster event; modeling the disaster scenario against a profile of the network; determining theoretical damage based on the modeling; and updating the cyber security policy or a network change to mitigate the theoretical damage. - View Dependent Claims (22, 23)
-
Specification