Supply chain cyber security auditing systems, methods and computer program products
First Claim
1. A method of operating a computer system comprising:
- receiving, at the computer system over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;
- receiving, over the computer network at the computer system, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;
- receiving, at the computer system over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity, wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;
- receiving, at the computer system over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;
- associating, by the computer system, the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services, wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;
- calculating, by the computer system, a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;
- calculating, by the computer system, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and
- transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness to the first entity within the supply chain, wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, and wherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.
Abstract
Software patch information is received from an entity. Supplier information is also received from the entity. The entity is directly or indirectly associated with a supply chain based upon the supplier information. A metric of cyber preparedness in the supply chain is identified based upon the software patch management information. The metric of cyber preparedness is communicated to a member of the supply chain (i.e., an entity in the supply chain). Related systems, methods and computer program products are described.
21 Claims
1. A method of operating a computer system, as recited in full under First Claim above.
- Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A cyber auditor hub comprising:
- a processor; and
- a memory coupled to the processor and comprising computer readable program code embodied in the memory that when executed by the processor causes the processor to perform operations comprising:
- receiving, over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;
- receiving, over the computer network, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;
- receiving, over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity, wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;
- receiving, over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;
- associating the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services, wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;
- calculating a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;
- calculating, by the computer system, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and
- transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness to the first entity within the supply chain, wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, and wherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.
- Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer program product, comprising:
- a tangible non-transitory computer readable storage medium comprising computer readable program code embodied in the medium that when executed by at least one processor of a computer system causes the at least one processor to perform operations comprising:
- receiving, at the computer system over a computer network, a network transmission comprising first software patch management information for computer systems of a first entity from the first entity, wherein the first entity comprises a first commercial enterprise or government organization;
- receiving, over the computer network at the computer system, a network transmission comprising first supplier information and first supplier weightings from the first entity, wherein the first supplier information identifies other entities that supply first products or services comprising products or services other than computer products or services to the first entity, and wherein the first supplier weightings identify different weightings depending upon an importance to the first entity of the first products or services comprising products or services other than computer products or services that are supplied by the other entities to the first entity;
- receiving, at the computer system over the computer network, a network transmission comprising second software patch management information for computer systems of a second entity from the second entity, wherein the second entity comprises a second commercial enterprise or government organization distinct from the first commercial enterprise or government organization of the first entity;
- receiving, at the computer system over the computer network, a network transmission comprising second supplier information and second supplier weightings from the second entity, wherein the second supplier information identifies other entities that supply second products or services comprising products or services other than computer products or services to the second entity, and wherein the second supplier weightings identify different weightings depending upon an importance to the second entity of the products or services comprising products or services other than computer products or services that are supplied by the other entities to the second entity;
- associating, by the processor, the first entity with a supply chain based upon the first supplier information and the second supplier information, wherein the supply chain comprises a multi-level web of nested members that are linked in producer-supplier relationships for the first products or services comprising products or services other than computer products or services, wherein the second entity is a supplier of the first entity included in the first supplier information and a member of the multi-level web of nested members;
- calculating, by the processor, a first metric of cyber preparedness for the first entity in the supply chain that comprises the multi-level web of nested members that are linked in producer-supplier relationships for the first products and services comprising products or services other than computer products or services, based upon the first software patch management information, the first supplier information, the first supplier weightings, and the second software patch management information;
- calculating, by the processor, a second metric of cyber preparedness for the second entity based on the second supplier information, the second supplier weightings, and the second software patch management information; and
- transmitting, over the computer network, a network transmission comprising the first metric of cyber preparedness to the first entity within the supply chain, wherein the transmitting comprises transmitting a graphic illustration of the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain for the first products or services comprising products or services other than computer products or services, to the first entity as a member of the supply chain, along with a calculation of cyber preparedness of the other entities in the multi-level web of nested members that are linked in producer-supplier relationships of the supply chain, and wherein the calculation of cyber preparedness of the other entities comprises the second metric of cyber preparedness.
- Dependent claims: 18, 19, 20, 21
Specification