Device, method, and program product for determining an overall business service vulnerability score

US 8,533,843 B2
Filed: 10/13/2008
Issued: 09/10/2013
Est. Priority Date: 10/13/2008
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a communication interface 130 configured to;

receive one or more business service models from a configuration management database 210, wherein the one or more business service models each comprises a set of configuration items wherein the configuration items comprise IT assets, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item;

a computer configured to;

send the set of configuration items to a vulnerability assessment tool 220;

receive, a vulnerability score for each configuration item within the set of configuration items;

determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability scores;

wherein determining the overall business service vulnerability score comprises generating a weight based on a technology type and a topology type of each configuration item, and summing the product of the vulnerability score and a weight for each configuration item over all configuration items; and

output electronically the overall business service vulnerability score.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device, method, and program product are disclosed which are configured to receive, at a risk analysis engine, one or more business service models from a configuration management database, wherein the one or more business service models each comprises a set of configuration items, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item; send the set of configuration items to a vulnerability assessment tool; receive, from the vulnerability assessment tool, one or more vulnerability assessment scores for each configuration item within the set of configuration items; determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability assessment scores received from the vulnerability assessment tool; and output electronically the overall business service vulnerability score.

Citations

19 Claims

1. A device comprising:
- a communication interface 130 configured to;
  
  receive one or more business service models from a configuration management database 210, wherein the one or more business service models each comprises a set of configuration items wherein the configuration items comprise IT assets, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item;
  
  a computer configured to;
  
  send the set of configuration items to a vulnerability assessment tool 220;
  
  receive, a vulnerability score for each configuration item within the set of configuration items;
  
  determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability scores;
  
  wherein determining the overall business service vulnerability score comprises generating a weight based on a technology type and a topology type of each configuration item, and summing the product of the vulnerability score and a weight for each configuration item over all configuration items; and
  
  output electronically the overall business service vulnerability score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 17)
- - 2. The device of claim 1, further comprising:
    - outputting electronically the overall business service vulnerability score for each of the one or more business services to a Risk Modeling Engine 230.
  - 3. The device of claim 1, wherein the device is configured to calculate a single vulnerability score for each configuration item based on the one or more vulnerability assessment scores received from the vulnerability assessment tool.
  - 4. The device of claim 1, wherein the device is configured to determine an overall business service vulnerability score based on a plurality of the business service models by determining a weight for each configuration item.
  - 5. The device of claim 4, wherein determining the weight for each configuration item comprises determining the weight based on type of technology associated with the configuration item.
  - 6. The device of claim 4, wherein determining the weight for each configuration item comprises determining the weight based on logical or physical connectivity of a configuration item.
  - 7. The device of claim 1, wherein the overall business service vulnerability score is determined based on a weight determined from the one or more business service models and a single vulnerability score determined for each configuration item.
  - 17. The method of claim 1, wherein the overall business service vulnerability score is calculated by BS=((S_CI1*W_CI1)+, . . . , +(S_CIX,*W_CIX)), where BS is the overall business service vulnerability score.

8. A method comprising:
- receiving, at a risk analysis engine 200, one or more business service models from a configuration management database 210, wherein the one or more business service models each comprises a set of configuration items, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item, wherein the configuration items comprise IT assets;
  
  sending the set of configuration items to a vulnerability assessment tool 220;
  
  receiving,a vulnerability score for each configuration item within the set of configuration items;
  
  determining an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the assessment, by generating the weight based on a technology type and a topology type for each configuration item in a business service model and by summing the product of the vulnerability score and a weight over all configuration items; and
  
  outputting electronically the overall business service vulnerability score.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - outputting electronically the overall business service vulnerability score for each of the one or more business services to a Risk Modeling Engine 230.
  - 10. The method of claim 8, further comprising calculating a single vulnerability score for each configuration item based on the one or more vulnerability assessment scores received from the vulnerability assessment tool 220.
  - 11. The method of claim 8, wherein determining an overall business service vulnerability score based on the one or more business service models comprises determining a weight for each configuration item.
  - 12. The method of claim 11, wherein determining the weight for each configuration item comprises determining the weight based on type of technology associated with the configuration item.
  - 13. The method of claim 11, wherein determining the weight for each configuration item comprises determining the weight based on logical or physical connectivity of a configuration item.
  - 14. The method of claim 8, wherein the overall business service vulnerability score is determined based on a weight determined from the one or more business service models and a single vulnerability score determined for each configuration item.

15. A method comprising:
- receiving, at a risk analysis engine, a business service model from a configuration management database, wherein the business service model comprises a set of configuration items, wherein the configuration items comprise IT assets, and wherein the business service model indicates a type of each configuration item and a connectivity of each configuration item;
  
  sending the set of configuration items to a vulnerability assessment tool;
  
  receiving, from the vulnerability assessment tool, a vector of vulnerability scores (V₁, V₂, V₃. . . V_n) for each configuration item within the set of configuration items;
  
  calculating, at the risk analysis engine, a vulnerability score (S_CIx) for each configuration item,determining a weight (W_CIx) for each configuration item by generating the weight (W_CIx) based on a technology type and a topology type of the configuration item;
  
  calculating an overall business service vulnerability score by summing the product of the vulnerability score and a weight over all configuration items; and
  
  outputting electronically the overall business service vulnerability score to a risk modeling engine.
- View Dependent Claims (16, 18, 19)
- - 16. The method of claim 15, wherein the vulnerability score is defined by S_CIX=F₁(V₁, V₂, V₃. . . V_n), where F₁is a function for combining the individual values in the vector of vulnerability scores, x is a number of configuration items in the set, and n is a number of vulnerability scores.
  - 18. The method of claim 15, further comprising:
    - determining a business criticality value for the business service; and
      
      graphically displaying the overall business service vulnerability verses the business criticality value for the business service.
  - 19. The method of claim 15, further comprising listing tasks to be taken to lower the vulnerability score of a configuration item from an actual vulnerability score to a target vulnerability score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marqeta, Inc.
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Levi, Eliav
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
NAJEE-ULLAH, TARIQ S

Application Number

US12/250,199
Publication Number

US 20100095381A1
Time in Patent Office

1,793 Days
Field of Search

726/25, 705/7.28, 705/18, 705317-318, 705/325, 705/348, 703/13
US Class Current

726/25
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/06   Resources, workflows, human...

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/1433   Vulnerability analysis

Device, method, and program product for determining an overall business service vulnerability score

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Device, method, and program product for determining an overall business service vulnerability score

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links