Assessing threat to at least one computer network

US 9,143,523 B2
Filed: 12/31/2007
Issued: 09/22/2015
Est. Priority Date: 12/31/2007
Status: Active Grant

First Claim

Patent Images

1. Apparatus for assessing threat to at least one computer network, the threat including at least one electronic threat, the computer network comprising a plurality of IT systems and a plurality of business processes operating on the plurality of IT systems, wherein (a) at least one IT system has two or more of the plurality of business processes operating thereon or (b) at least one business process operates on two or more of the plurality of IT systems, the apparatus comprising at least one processor and a memory coupled to the processor, the memory storing instructions executable by the processor that cause the processor to:

predict future threat activity based on past observed threat activity including, for the at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target,determine expected downtime of each system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency,determine loss for each of the plurality of business processes dependent on the downtimes of the IT systems, andadd losses for the plurality of business processes so as to obtain a combined loss arising from the threat activity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus for assessing threat to at least one computer network in which a plurality of systems (30₁, 30₂, 30₃, 30₄, 30₅, . . . 30_n) operate is configured to determine predicted threat activity (13), to determine expected downtime of each system in dependence upon said predicted threat activity, to determine loss (12_A, 12_B, 12_C, 12_D, 12_E, . . . , 12_m) for each of a plurality of operational processes (31_A, 31_B, 31_C, 31_D, 31_E, . . . 31_m) dependent on the downtimes of the systems, to add losses for the plurality of processes so as to obtain a combined loss (12_SUM) arising from the threat activity.

Citations

15 Claims

1. Apparatus for assessing threat to at least one computer network, the threat including at least one electronic threat, the computer network comprising a plurality of IT systems and a plurality of business processes operating on the plurality of IT systems, wherein (a) at least one IT system has two or more of the plurality of business processes operating thereon or (b) at least one business process operates on two or more of the plurality of IT systems, the apparatus comprising at least one processor and a memory coupled to the processor, the memory storing instructions executable by the processor that cause the processor to:
- predict future threat activity based on past observed threat activity including, for the at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target,determine expected downtime of each system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency,determine loss for each of the plurality of business processes dependent on the downtimes of the IT systems, andadd losses for the plurality of business processes so as to obtain a combined loss arising from the threat activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus according to claim 1, wherein the instructions comprise:
    - a first module configured to determine the predicted threat activity including, for the at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
      
      a second module configured to determine the expected downtime of each IT system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency; and
      
      a third module configured to determine the loss for each of a plurality of business processes.
  - 3. The apparatus according to claim 2, wherein the third module is configured to add the losses for the plurality of business processes.
  - 4. The apparatus according to claim 1, wherein the apparatus is further configured to store at least one of the losses and the combined loss in a storage device.
  - 5. The apparatus according to claim 1, wherein the apparatus is configured to display at least one of the losses and the combined loss on a display device.
  - 6. The apparatus according to claim 1, further configured to output the predicted threat activity to a firewall.
  - 7. The apparatus according to claim 1, wherein loss is value at risk.
  - 8. The apparatus according to claim 1, wherein the observed list of threats includes, for each threat, information identifying at least one system.
  - 9. The apparatus according to claim 1, wherein the observed list of threats includes, for each threat, information identifying frequency of occurrence of the threat.
  - 10. The apparatus according to claim 9, wherein the frequency of occurrence of the threat includes at least one period of time and corresponding frequency of occurrence for the at least one period of time.
  - 11. The apparatus according to claim 1 wherein the plurality of IT systems include a plurality of software systems.

12. A method of assessing threat to at least one computer network, the threat including at least one electronic threat, the network comprising a plurality of IT systems wherein a plurality of business processes operate on the plurality of IT systems, and wherein (a) at least one IT system has two or more of the plurality of business processes operating thereon or (b) at least one business process operates on two or more of the plurality of IT systems, the method comprising, by using at least one computer processor:
- predicting threat activity based on past observed activity including, for the at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
  
  determining expected downtime of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
  
  determining loss for the plurality of business processes dependent on the downtimes of the IT systems;
  
  adding losses for the plurality of business processes to obtain a combined loss arising from the threat activity.
- View Dependent Claims (13, 14)
- - 13. The method according to claim 12, further comprising:
    - storing at least one of the losses and combined loss in a storage device.
  - 14. The method according to claim 12, further comprising:
    - displaying at least one of the losses and combined loss on a display device.

15. A non-transitory computer readable medium storing a computer program which when executed by a computer system, causes the computer system to perform a method of assessing threat to at least one computer network, the threat including at least one electronic threat, the computer network comprising a plurality of IT systems wherein a plurality of business processes operate on the plurality of IT systems, and wherein (a) at least one IT system has two or more of the plurality of business processes operating thereon or (b) at least one business process operates on two or more of the plurality of IT systems, the method comprising:
- predicting threat activity based on past observed activity including, for the at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
  
  determining expected downtime of each of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
  
  determining loss for the plurality of business processes dependent on the downtimes of the IT systems;
  
  adding losses for the plurality of business processes to obtain a combined loss arising from the threat activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quantar Solutions Limited
Original Assignee
Phillip King-Wilson
Inventors
Evrard, Phillipe
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
GRACIA, GARY S

Application Number

US12/811,208
Publication Number

US 20100325731A1
Time in Patent Office

2,822 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1433   Vulnerability analysis

Assessing threat to at least one computer network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Assessing threat to at least one computer network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links