METHOD AND SYSTEM FOR EVALUATING INDIVIDUAL AND GROUP CYBER THREAT AWARENESS

US 20200135049A1
Filed: 10/26/2018
Published: 04/30/2020
Est. Priority Date: 10/26/2018
Status: Active Grant

First Claim

Patent Images

1. A system for evaluating cybersecurity awareness of an organization, comprising:

an evaluation server including a processor and a memory, the memory storing non-transitory machine-readable code to be executed by the processor;

at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the evaluation server;

a plurality of clients connected to the evaluation server and configured to run at least one of the cybersecurity awareness evaluations by users on user devices, the users performing actions in the evaluations including offensive actions and defensive actions; and

an evaluation dashboard including an interface configured to display selected ones of scoring results of the cybersecurity awareness evaluations as determined by the evaluation server based on the offensive and defensive actions of the users, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for the at least one of the users, at least one composite offensive score for the at least one of the users and at least one composite defensive score for the at least one of the users, the composite offensive score being determined based on a plurality of the offensive component scores and the composite defensive score being determined based on a plurality of the defensive component scores.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system has an evaluation server that includes at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the server, a plurality of clients connected to the server and configured to run at least one of the cybersecurity awareness evaluations for play by users on user devices, the users performing actions in the evaluation including offensive actions and defensive actions, and an evaluation dashboard including an interface configured to display scoring results of the cybersecurity awareness evaluations as determined by the server, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for at least one of the users, at least one composite offensive score for at least one of the users and at least one composite defensive score for at least one of the users, the composite offensive score being determined based on a plurality of the component offensive scores and the composite defensive score being determined based on a plurality of the component defensive scores.

Citations

20 Claims

1. A system for evaluating cybersecurity awareness of an organization, comprising:
- an evaluation server including a processor and a memory, the memory storing non-transitory machine-readable code to be executed by the processor;
  
  at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the evaluation server;
  
  a plurality of clients connected to the evaluation server and configured to run at least one of the cybersecurity awareness evaluations by users on user devices, the users performing actions in the evaluations including offensive actions and defensive actions; and
  
  an evaluation dashboard including an interface configured to display selected ones of scoring results of the cybersecurity awareness evaluations as determined by the evaluation server based on the offensive and defensive actions of the users, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for the at least one of the users, at least one composite offensive score for the at least one of the users and at least one composite defensive score for the at least one of the users, the composite offensive score being determined based on a plurality of the offensive component scores and the composite defensive score being determined based on a plurality of the defensive component scores.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive component score for all defensive actions of the users DefAll_i:
  - 3. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive component score for effective defensive actions DefEff1_iassociated with behavior i for the user for at any point during an evaluation:
  - 4. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a component offensive score OffAll_iassociated with behavior i at any point during an evaluation:
  - 5. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a component offensive effectiveness score OffEff1_iassociated with behavior i for at any point during an evaluation is
  - 6. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite behavior score BAll1_i:
  - 7. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite effectiveness score BEff1_i:
  - 8. The system of claim 6, wherein the server is further configured to determine and the evaluation dashboard is configured to display a total composite behavior score for a user for all actions CompAll is:
  - 9. The system of claim 7, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite total effectiveness score CompEff:
  - 10. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a current risk mitigation score CRM(r):
  - 11. The system of claim 10, wherein the server is further configured to determine and the evaluation dashboard is configured to display a total risk mitigation score TRM(r) for any given round r:
  - 12. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a kill chain alignment score KCA(r) at some round r during the evaluation:
  - 13. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive awareness score DefAwr as:
  - 14. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive readiness score:
  - 15. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a defensive results score DefRes:
    - DefRes=d_res·
      
      r, where d_resis a vector of weights and r is a results vector defined as;
  - 16. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a offensive results score OffRes:
    - OffRes=ō
      
      _res·
      
      swhere ō
      
      _resis a vector of weights and s is a vector of results, where s is;
  - 17. The system of claim 1, wherein the server is further configured to determine and the evaluation dashboard is configured to display a composite tactical score CompTac:
    - CompTac=ω
      
      _tac·
      
      t, where ω
      
      _tacis a vector of tactics component weights and t is a vector of tactics component scores, where t is defined as;
  - 18. The system of claim 17, wherein the server is further configured to determine and the evaluation dashboard is configured to display an overall awareness score A of a user as:
    - A=w·
      
      c, where w is a vector of weights and c is a vector of score components defined as;
  - 19. The system of claim 1, wherein the server is further configured to generate computer users for a user to play against, and a relative difficulty of the computer users is selectable.
  - 20. The gaming system of claim 19, wherein the computer users are configured to perform actions in accordance with predefined action sequence templates that script the computer user'"'"'s subsequent choices, wherein the action sequence templates define prerequisite conditions that must exist in order to trigger the action sequence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Circadence Corporation
Original Assignee
Circadence Corporation
Inventors
Atencio, Phillip, Brubaker, Cassandra, Wright, George A., Dorris, Brandon, Grundy, Peter, Hardin, Charles A.

Granted Patent

US 11,257,393 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

A63F 13/46   Computing the game score

A63F 13/822   Strategy games; Role-playin...

G09B 19/0053   Computers, e.g. programming

G09B 5/12   different stations being ca...

H04L 63/1433   Vulnerability analysis

METHOD AND SYSTEM FOR EVALUATING INDIVIDUAL AND GROUP CYBER THREAT AWARENESS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR EVALUATING INDIVIDUAL AND GROUP CYBER THREAT AWARENESS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links