Estimating and visualizing security risk in information technology systems
First Claim
1. A computer-readable medium not comprising a propagated data signal containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for estimating risk for an IT asset in an enterprise network, the method comprising the steps of:
- receiving an assessment about a security state of the IT asset, the assessment being configured for communicating data indicating a type of problem with the IT asset, a severity of the problem, and a level of confidence that the problem with the IT asset exists;
- applying a value of the IT asset and the data from the assessment to estimate a discrete risk category that is applicable to the IT asset;
- estimating a security risk for the IT asset using a continuous risk expression; and
- providing a visualization of the continuous risk expression through a GUI, the GUI including a dial indicator.
Abstract
Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.
18 Claims
1. (Quoted in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6.
7. A computer-readable medium not comprising a propagated data signal containing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for using an assessment that describes a state of security for an IT asset, the method comprising the steps of:
- monitoring the state of security for the IT asset;
- generating the assessment when a security problem is detected that affects the IT asset, the assessment being configured for communicating data indicating a type of problem with the IT asset, a severity of the problem, and a probability of known loss with the IT asset;
- sending the assessment to an application, process, or service for processing, the processing being configured for providing an estimate of security risk that is associated with the monitored IT asset, wherein the estimate of security risk is provided using a continuous risk expression; and
- providing a visualization of the continuous risk expression through a GUI, the GUI including a dial indicator.
Dependent claims: 8, 9, 10, 11, 12.
13. A method implemented using a computing device for providing a visualization of security risk for a set of IT assets in an enterprise, the method comprising the steps of:
- estimating a discrete security risk for the set of IT assets, the estimating comprising assigning a risk category based on a combination of IT asset values, severity of security problems affecting the IT assets, and fidelity of assessments describing a security state for each of the IT assets in the set;
- calculating a continuously-expressed security risk from numeric risk values, the numeric risk values being based on a combination of IT asset values, severity of security problems affecting the IT assets, and fidelity of assessments describing a security state for each of the IT assets in the set; and
- dynamically displaying the discrete security risk and the continuously-expressed security risk through a GUI operating on the computing device.
Dependent claims: 14, 15, 16, 17, 18.
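As an added example (not the patent's own code), the following Python sketches the method of claims 1, 7 and 13: each assessment carries a problem type, severity and fidelity; combining it with the asset's value yields both a discrete risk category and a continuous 0-100 score, and the enterprise-wide score drives a dial indicator. The ordinal scales, the combining formula, the fidelity demotion rule, the aggregation and the dial bands are all assumptions, since the claims fix none of them.

```python
from dataclasses import dataclass
from statistics import mean

# Assumed ordinal scales: the claims name these inputs but fix no numbers.
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
ASSET_VALUE = {"low": 1, "medium": 2, "high": 3}
CATEGORIES = ["low", "medium", "high", "critical"]   # discrete risk levels

@dataclass
class Assessment:
    asset: str          # IT asset the finding is about (device or user)
    problem_type: str   # e.g. "malware", "vulnerability", "policy"
    severity: str       # key of SEVERITY
    fidelity: int       # confidence the problem really exists, 0-100 percent

def numeric_risk(asset_value: str, a: Assessment) -> float:
    """Continuous risk (assumed form): value x severity x fidelity, scaled so the worst finding on the most valuable asset scores 100."""
    if not 0 <= a.fidelity <= 100:
        raise ValueError("fidelity must be a percentage in [0, 100]")
    raw = ASSET_VALUE[asset_value] * SEVERITY[a.severity] * a.fidelity
    top = max(ASSET_VALUE.values()) * max(SEVERITY.values()) * 100
    return round(100.0 * raw / top, 1)

def risk_category(asset_value: str, a: Assessment) -> str:
    """Discrete category (assumed rule): value plus severity picks a level; fidelity under 50% demotes it one step."""
    idx = max(0, min(len(CATEGORIES) - 1, ASSET_VALUE[asset_value] + SEVERITY[a.severity] - 3))
    if a.fidelity < 50:
        idx = max(0, idx - 1)
    return CATEGORIES[idx]

def enterprise_risk(values: dict, findings: list) -> float:
    """Enterprise risk (assumed aggregation): each asset counts its worst finding (0 if none); result is the mean."""
    worst = {asset: 0.0 for asset in values}
    for a in findings:
        worst[a.asset] = max(worst[a.asset], numeric_risk(values[a.asset], a))
    return round(mean(worst.values()), 1)

def dial(risk: float) -> tuple:
    """Map a 0-100 risk to a half-circle dial needle angle (0-180 degrees) and its band (assumed 25-point bands)."""
    return round(180.0 * risk / 100.0, 1), CATEGORIES[min(3, int(risk // 25))]

# Constructed sample inventory and assessments (not from the patent).
ASSETS = {"dc01": "high", "laptop-17": "low", "web01": "medium"}
FINDINGS = [
    Assessment("dc01", "vulnerability", "high", 90),
    Assessment("dc01", "policy", "low", 95),
    Assessment("laptop-17", "malware", "critical", 40),
    Assessment("web01", "vulnerability", "medium", 70),
]
```

Calling `enterprise_risk(ASSETS, FINDINGS)` and passing the result to `dial` gives the needle position and band a GUI would render; the low-fidelity "critical" malware finding on the low-value laptop lands in the "medium" category rather than dominating the picture.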