Dynamic risk management
First Claim
1. A method of dynamic risk management for an operating system of a computing device, the method comprising:
- automatically assessing a security state of the operating system of the computing device independent of security state changes;
determining, based on the assessing, a risk level RNew, wherein RNew=RCurrent+Σ
rfNew−
Σ
rfOld+riNew−
riOld where RCurrent is a current risk level, and where Σ
rfNew is a sum of scores assigned to new risk factors discovered by the assessing, and where Σ
rfOld is a sum of scores assigned to old risk factors of Rcurrent that are no longer discovered by the assessing, and where riNew is a new risk increment based on a combination of the new risk factors, and where riOld is an old risk increment based on a combination of the old risk factors;
causing an action related to the operating system of the computing device to be performed based on the risk level.
2 Assignments
0 Petitions
Accused Products
Abstract
A dynamic risk management system for operating systems that provides monitoring, detection, assessment, and follow-up action to reduce the risk whenever it rises. The system enables an operating system to protect itself automatically in dynamic environments. The risk management system monitors a diverse set of attributes of the system which determines the security state of the system and is indicative of the risk the system is under. Based on a specification of risk levels for the various attributes and for their combinations, the risk management system determines whether one or more actions are required to alleviate the overall risk to the system.
-
Citations
18 Claims
-
1. A method of dynamic risk management for an operating system of a computing device, the method comprising:
-
automatically assessing a security state of the operating system of the computing device independent of security state changes; determining, based on the assessing, a risk level RNew, wherein RNew=RCurrent+Σ
rfNew−
Σ
rfOld+riNew−
riOld where RCurrent is a current risk level, and where Σ
rfNew is a sum of scores assigned to new risk factors discovered by the assessing, and where Σ
rfOld is a sum of scores assigned to old risk factors of Rcurrent that are no longer discovered by the assessing, and where riNew is a new risk increment based on a combination of the new risk factors, and where riOld is an old risk increment based on a combination of the old risk factors;causing an action related to the operating system of the computing device to be performed based on the risk level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of dynamic risk management for an operating system of a computing device, the method comprising:
-
assessing a security state of the operating system of the computing device; automatically causing, in response to the assessing, a tiered set of actions related to the security state of the operating system of the computing device to be performed, wherein the tiered set of actions includes; (i) determining a risk level RNew, wherein RNew=RCurrent+Σ
rfNew−
Σ
rfOld+riNew−
riOld where RCurrent is a current risk level, and where Σ
rfNew is a sum of scores assigned to new risk factors discovered by the assessing, and where Σ
rfOld is a sum of scores assigned to old risk factors of RCurrent that are no longer discovered by the assessing, and where riNew is a new risk increment based on a combination of the new risk factors, and where riOld is an old risk increment based on a combination of the old risk factors, and(ii) causing a risk alleviation action related to the operating system of the computing device to be performed based on the risk level. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification