Device, method, and program product for determining an overall business service vulnerability score
First Claim
1. A device comprising:
- a communication interface 130 configured to;
receive one or more business service models from a configuration management database 210, wherein the one or more business service models each comprises a set of configuration items wherein the configuration items comprise IT assets, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item;
a computer configured to;
send the set of configuration items to a vulnerability assessment tool 220;
receive, a vulnerability score for each configuration item within the set of configuration items;
determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability scores;
wherein determining the overall business service vulnerability score comprises generating a weight based on a technology type and a topology type of each configuration item, and summing the product of the vulnerability score and a weight for each configuration item over all configuration items; and
output electronically the overall business service vulnerability score.
3 Assignments
0 Petitions
Accused Products
Abstract
A device, method, and program product are disclosed which are configured to receive, at a risk analysis engine, one or more business service models from a configuration management database, wherein the one or more business service models each comprises a set of configuration items, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item; send the set of configuration items to a vulnerability assessment tool; receive, from the vulnerability assessment tool, one or more vulnerability assessment scores for each configuration item within the set of configuration items; determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability assessment scores received from the vulnerability assessment tool; and output electronically the overall business service vulnerability score.
-
Citations
19 Claims
-
1. A device comprising:
-
a communication interface 130 configured to; receive one or more business service models from a configuration management database 210, wherein the one or more business service models each comprises a set of configuration items wherein the configuration items comprise IT assets, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item; a computer configured to; send the set of configuration items to a vulnerability assessment tool 220; receive, a vulnerability score for each configuration item within the set of configuration items; determine an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the vulnerability scores;
wherein determining the overall business service vulnerability score comprises generating a weight based on a technology type and a topology type of each configuration item, and summing the product of the vulnerability score and a weight for each configuration item over all configuration items; andoutput electronically the overall business service vulnerability score. - View Dependent Claims (2, 3, 4, 5, 6, 7, 17)
-
-
8. A method comprising:
-
receiving, at a risk analysis engine 200, one or more business service models from a configuration management database 210, wherein the one or more business service models each comprises a set of configuration items, and wherein the one or more business service models each indicate a type of configuration item and a connectivity of the configuration item, wherein the configuration items comprise IT assets; sending the set of configuration items to a vulnerability assessment tool 220; receiving, a vulnerability score for each configuration item within the set of configuration items; determining an overall business service vulnerability score for each of one or more business services based on the one or more business service models and the assessment, by generating the weight based on a technology type and a topology type for each configuration item in a business service model and by summing the product of the vulnerability score and a weight over all configuration items; and outputting electronically the overall business service vulnerability score. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
receiving, at a risk analysis engine, a business service model from a configuration management database, wherein the business service model comprises a set of configuration items, wherein the configuration items comprise IT assets, and wherein the business service model indicates a type of each configuration item and a connectivity of each configuration item; sending the set of configuration items to a vulnerability assessment tool; receiving, from the vulnerability assessment tool, a vector of vulnerability scores (V1, V2, V3 . . . Vn) for each configuration item within the set of configuration items; calculating, at the risk analysis engine, a vulnerability score (SCIx) for each configuration item, determining a weight (WCIx) for each configuration item by generating the weight (WCIx) based on a technology type and a topology type of the configuration item; calculating an overall business service vulnerability score by summing the product of the vulnerability score and a weight over all configuration items; and outputting electronically the overall business service vulnerability score to a risk modeling engine. - View Dependent Claims (16, 18, 19)
-
Specification