Supply chain cyber security auditing systems, methods and computer program products

US 9,298,925 B1
Filed: 03/08/2013
Issued: 03/29/2016
Est. Priority Date: 03/08/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A method of operating a computer system comprising:

receiving, at the computer system over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;

receiving, over the computer network at the computer system, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;

receiving, at the computer system over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity,wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;

receiving, at the computer system over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;

associating, by the computer system, the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services,wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;

calculating, by the computer system, a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;

calculating, by the computer system, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and

transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness to the first entity within the supply chain,wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, andwherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software patch information is received from an entity. Supplier information is also received from the entity. The entity is directly or indirectly associated with a supply chain based upon the supplier information. A metric of cyber preparedness in the supply chain is identified based upon the software patch management information. The metric of cyber preparedness is communicated to a member of the supply chain (i.e., an entity in the supply chain). Related systems, methods and computer program products as described.

25 Citations

View as Search Results

21 Claims

1. A method of operating a computer system comprising:
- receiving, at the computer system over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;
  
  receiving, over the computer network at the computer system, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;
  
  receiving, at the computer system over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity,wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;
  
  receiving, at the computer system over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;
  
  associating, by the computer system, the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services,wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;
  
  calculating, by the computer system, a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;
  
  calculating, by the computer system, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and
  
  transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness to the first entity within the supply chain,wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, andwherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1 further comprising normalizing the first software patch management information and/or the second software patch management information that was received.
  - 3. The method according to claim 1 further comprising receiving a software patch management weighting from the second entity of the supply chain and wherein calculating the first metric of cyber preparedness for the first entity in the supply chain based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information comprises calculating the first metric of cyber preparedness for the first entity in the supply chain based upon the first software patch management information, the first supplier information, the first supplier weightings, the second software patch management information, and the software patch management weighting.
  - 4. The method according to claim 1 wherein the first software patch management information comprises a software patch-related key performance indicator.
  - 5. The method according to claim 4 wherein calculating the first metric of cyber preparedness for the first entity in the supply chain based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information comprises identifying a deviation from a nominal value of the software patch-related key performance indicator.
  - 6. The method according to claim 1 wherein transmitting the first metric of cyber preparedness to the first entity within of the supply chain further comprises transmitting a warning to the first entity within the supply chain to indicate a lapse of cyber preparedness of an entity in the supply chain.
  - 7. The method according to claim 1 wherein the multi-level web of nested members that are linked in producer-supplier relationships comprises at least four levels.
  - 8. The method according to claim 7, wherein a first level of the multi-level web of nested members that are linked in producer-supplier relationships comprises the second entity supplying a product or service of the first products or services comprising products or services other than computer products or services to the first entity,wherein a second level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a third entity supplying a product or service of the second products or services comprising products or services other than computer products or services to the second entity,wherein a third level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a fourth entity supplying a product or service of third products or services comprising products or services other than computer products or services to the third entity, andwherein a fourth level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a fifth entity supplying a product or service of fourth products or services comprising products or services other than computer products or services to the fifth entity.

9. A cyber auditor hub comprising:
- a processor; and
  
  a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations comprising;
  
  receiving, over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;
  
  receiving, over the computer network, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;
  
  receiving, over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity,wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;
  
  receiving, over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;
  
  associating the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services,wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;
  
  calculating a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;
  
  calculating, by the computer system, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and
  
  transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness to the first entity within the supply chain,wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, andwherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The cyber auditor hub according to claim 9 wherein receiving the first software patch management information from the first entity comprises normalizing the first software patch management information.
  - 11. The cyber auditor hub according to claim 9 further comprising receiving a software patch management weighting from the second entity of the supply chain and wherein calculating the first metric of cyber preparedness for the first entity in the supply chain based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information comprises calculating the first metric of cyber preparedness for the first entity in the supply chain based upon the first software patch management information, the first supplier information, the first supplier weightings, the second software patch management information, and the software patch management weighting.
  - 12. The cyber auditor hub according to claim 9 wherein the first software patch management information comprises a software patch-related key performance indicator.
  - 13. The cyber auditor hub according to claim 12 wherein calculating the first metric of cyber preparedness for the first entity in the supply chain based upon first the software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information comprises identifying a deviation from a nominal value of the software patch-related key performance indicator.
  - 14. The cyber auditor hub according to claim 9 wherein transmitting the first metric of cyber preparedness to the first entity within the supply chain further comprises transmitting a warning to the first entity within the supply chain to indicate a lapse of cyber preparedness of an entity in the supply chain.
  - 15. The cyber auditor hub according to claim 9 wherein the multi-level web of nested members that are linked in producer-supplier relationships comprises at least four levels.
  - 16. The cyber auditor hub according to claim 15 wherein a first level of the multi-level web of nested members that are linked in producer-supplier relationships comprises the second entity supplying a product or service of the first products or services comprising products or services other than computer products or services to the first entity,wherein a second level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a third entity supplying a product or service of the second products or services comprising products or services other than computer products or services to the second entity,wherein a third level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a fourth entity supplying a product or service of third products or services comprising products or services other than computer products or services to the third entity, andwherein a fourth level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a fifth entity supplying a product or service of fourth products or services comprising products or services other than computer products or services to the fifth entity.

17. A computer program product, comprising:
- a tangible non-transitory computer readable storage medium comprising computer readable program code embodied in the medium that when executed by at least one processor of a computer system causes the at least one processor to perform operations comprising;
  
  receiving, at the computer system over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;
  
  receiving, over the computer network at the computer system, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;
  
  receiving, at the computer system over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity,wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;
  
  receiving, at the computer system over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;
  
  associating, by the processor, the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services,wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;
  
  calculating, by the processor, a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;
  
  calculating, by the processor, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and
  
  transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness the first entity within the supply chain,wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, andwherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer program product according to claim 17 wherein the first software patch management information comprises a software patch-related key performance indicator.
  - 19. The computer program product according to claim 17 wherein the first metric of cyber preparedness for the first entity in the supply chain comprises a deviation from a nominal value of a software patch-related key performance indicator.
  - 20. The computer program product according to claim 17 wherein the multi-level web of nested members that are linked in producer-supplier relationships comprises at least four levels.
  - 21. The computer program product according to claim 20wherein a first level of the multi-level web of nested members that are linked in producer-supplier relationships comprises the second entity supplying a product or service of the first products or services comprising products or services other than computer products or services to the first entity,wherein a second level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a third entity supplying a product or service of the second products or services comprising products or services other than computer products or services to the second entity,wherein a third level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a fourth entity supplying a product or service of third products or services comprising products or services other than computer products or services to the third entity, andwherein a fourth level of the multi-level web of nested members that are linked in producer-supplier relationships comprises a fifth entity supplying a product or service of fourth products or services comprising products or services other than computer products or services to the fifth entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Crittall, Rob, Viljoen, Pierre Jacques, Forsyth, Luke
Primary Examiner(s)
AVERY, JEREMIAH L

Application Number

US13/791,741
Time in Patent Office

1,117 Days
Field of Search

726/22, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/00   Network architectures or ne...

H04L 63/1433   Vulnerability analysis

Supply chain cyber security auditing systems, methods and computer program products

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Supply chain cyber security auditing systems, methods and computer program products

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links