Method for the Continuous Calculation of a Cyber Security Risk Index

US 20180124091A1
Filed: 10/27/2016
Published: 05/03/2018
Est. Priority Date: 10/27/2016
Status: Active Grant

First Claim

Patent Images

1. A method for assessing a cyber security risk, the method comprising the steps of:

obtaining cyber security precursor information from a plurality of sources, wherein the cyber security precursor information can be obtained from one or more online or offline sources;

normalizing the obtained cyber security precursor information to a common information model;

generating, from the normalized cyber security precursor information, one or more events;

producing, from the one or more generated events, one or more facts;

calculating a plurality of risk indicators from the one or more facts;

normalizing the plurality of risk indicators to a common model;

calculating, using the normalized plurality of risk indicators, one or more cyber risk index component scores; and

calculating, using the one or more cyber risk index component scores, a cyber risk indicator index.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for assessing a cyber security risk, the method comprising the steps of: obtaining cyber security precursor information from a plurality of sources, wherein the cyber security precursor information can be obtained from one or more online or offline sources; normalizing the obtained cyber security precursor information to a common information model; generating, from the normalized cyber security precursor information, one or more events; producing, from the one or more generated events, one or more facts; calculating a plurality of risk indicators from the one or more facts; normalizing the plurality of risk indicators to a common model; calculating, using the normalized plurality of risk indicators, one or more cyber risk index component scores; and calculating, using the one or more cyber risk index component scores, a cyber risk indicator index.

65 Citations

View as Search Results

31 Claims

1. A method for assessing a cyber security risk, the method comprising the steps of:
- obtaining cyber security precursor information from a plurality of sources, wherein the cyber security precursor information can be obtained from one or more online or offline sources;
  
  normalizing the obtained cyber security precursor information to a common information model;
  
  generating, from the normalized cyber security precursor information, one or more events;
  
  producing, from the one or more generated events, one or more facts;
  
  calculating a plurality of risk indicators from the one or more facts;
  
  normalizing the plurality of risk indicators to a common model;
  
  calculating, using the normalized plurality of risk indicators, one or more cyber risk index component scores; and
  
  calculating, using the one or more cyber risk index component scores, a cyber risk indicator index.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising the step of storing the generated one or more events in an event database.
  - 3. The method of claim 1, further comprising the step of storing the generated one or more facts in a fact database.
  - 4. The method of claim 1, further comprising the step of storing the generated one or more risk indicators in a risk indicator database.
  - 5. The method of claim 1, wherein the step of producing one or more facts comprises one or more of a mathematical analysis, pattern detection, anomaly detection, and rule-based assessment of the one or more events
  - 6. The method of claim 1, wherein the step of calculating a plurality of risk indicators from the one or more facts comprises an analysis of several facts over time.
  - 7. The method of claim 1, wherein the cyber risk indicator index comprises a score between 0 and 100.
  - 8. The method of claim 1, further comprising the step of providing the cyber risk indicator index to a user.
  - 9. The method of claim 8, wherein the step of providing the cyber risk indicator index to a user comprises a user interface.
  - 10. The method of claim 9, wherein the user interface comprises a graph of cyber risk indicator index over time.
  - 11. The method of claim 1, further comprising the step of comparing the cyber risk indicator index to a pre-determined threshold.
  - 12. The method of claim 11, further comprising the step of notifying a user if the cyber risk indicator index exceeds the pre-determined threshold.
  - 13. The method of claim 11, further comprising the step of initiating an automated action if the cyber risk indicator index exceeds the pre-determined threshold.

14. A computerized system configured to assess a cyber security risk, the system comprising:
- a plurality of sensors, the plurality of sensors configured to obtain cyber security precursor information;
  
  an event database configured to store one or more events;
  
  a fact database configured to store one or more facts; and
  
  a processor programmed to perform the steps of;
  
  (i) receiving the cyber security precursor information from the plurality of sensors;
  
  (ii) normalizing the obtained cyber security precursor information to a common information model;
  
  (iii) generating, from the normalized cyber security precursor information, one or more events;
  
  (iv) storing the generated one or more events in the event database;
  
  (v) producing, from the one or more generated events, one or more facts;
  
  (vi) storing the one or more facts in the facts database;
  
  (vii) calculating a plurality of risk indicators from the one or more facts;
  
  (viii) normalizing the plurality of risk indicators to a common model;
  
  (ix) calculating, using the normalized plurality of risk indicators, one or more cyber risk index component scores; and
  
  (x) calculating, using the one or more cyber risk index component scores, a cyber risk indicator index.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The system of claim 14, wherein the processor is configured to produce the one or more facts using one or more of a mathematical analysis, pattern detection, anomaly detection, and rule-based assessment of the one or more events.
  - 16. The system of claim 14, wherein the processor is configured to calculate the plurality of risk indicators from the one or more facts comprises an analysis of several facts over time.
  - 17. The system of claim 14, wherein the cyber risk indicator index comprises a score between 0 and 100.
  - 18. The system of claim 14, wherein the processor is further configured to provide the cyber risk indicator index to a user.
  - 19. The system of claim 14, further comprising a user interface.
  - 20. The system of claim 14, wherein the processor is further configured to compare the cyber risk indicator index to a pre-determined threshold.
  - 21. The system of claim 20, wherein the processor is further configured to notify a user if the cyber risk indicator index exceeds the pre-determined threshold.
  - 22. The system of claim 20, wherein the processor is further configured to initiate an automated action if the cyber risk indicator index exceeds the pre-determined threshold.

23. A computer system configured to assess a cyber security risk, the computer system comprising:
- a non-transitory computer-readable storage medium configured to store data collected by the computer system and comprising computer-executable instructions;
  
  a processor programmed to execute the computer-executable instructions resulting in the computer system performing the steps of;
  
  receiving cyber security precursor information from a plurality of sensors;
  
  (ii) normalizing the obtained cyber security precursor information to a common information model;
  
  (iii) generating, from the normalized cyber security precursor information, one or more events;
  
  (iv) storing the generated one or more events in the non-transitory computer-readable storage medium;
  
  (v) producing, from the one or more generated events, one or more facts;
  
  (vi) storing the one or more facts in the non-transitory computer-readable storage medium;
  
  (vii) calculating a plurality of risk indicators from the one or more facts;
  
  (viii) normalizing the plurality of risk indicators to a common model;
  
  (ix) calculating, using the normalized plurality of risk indicators, one or more cyber risk index component scores; and
  
  (x) calculating, using the one or more cyber risk index component scores, a cyber risk indicator index.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The computer system of claim 23, wherein the processor is further configured to produce the one or more facts using one or more of a mathematical analysis, pattern detection, anomaly detection, and rule-based assessment of the one or more events.
  - 25. The computer system of claim 23, wherein the processor is further configured to calculate the plurality of risk indicators from the one or more facts comprises an analysis of several facts over time.
  - 26. The computer system of claim 23, wherein the cyber risk indicator index comprises a score between 0 and 100.
  - 27. The computer system of claim 23, wherein the processor is further configured to provide the cyber risk indicator index to a user.
  - 28. The computer system of claim 23, further comprising a user interface.
  - 29. The computer system of claim 23, wherein the processor is further configured to compare the cyber risk indicator index to a pre-determined threshold.
  - 30. The computer system of claim 29, wherein the processor is further configured to notify a user if the cyber risk indicator index exceeds the pre-determined threshold.
  - 31. The computer system of claim 29, wherein the processor is further configured to initiate an automated action if the cyber risk indicator index exceeds the pre-determined threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
SRC, Inc.
Inventors
Sweeney, Matthew S., Pokines, Benjamin B.

Granted Patent

US 10,212,184 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

H04L 63/14   for detecting or protecting...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Method for the Continuous Calculation of a Cyber Security Risk Index

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

31 Claims

Specification

Use Cases

Quick Links

Others

Method for the Continuous Calculation of a Cyber Security Risk Index

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

31 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others