Assessing threat to at least one computer network
First Claim
1. An apparatus including one or more computer processors and a non-transient computer readable memory, wherein the one or more computer processors are configured pursuant toprogramming code in a the non-transient computer readable memory to predict, for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events,wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, wherein the one or more computer processors are configured, for a given threat, to model a set of past observed threat events to obtain an estimate of at least one model parameter, and, in a Monte Carlo simulation of a given threat,to predict future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and to predict a distribution of future threat events by repeating the simulation using a plurality of variables;
- andwherein the apparatus is further configured to determine an expected downtime of each of said systems in dependence upon said predicted future threat activity and to determine a financial loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add the financial losses for said plurality of processes so as to obtain a combined financial loss arising from the predicted future threat activity.
1 Assignment
0 Petitions
Accused Products
Abstract
Apparatus configured to determine predicted threat activity based on stochastic modelling of threat events capable of affecting at least one computer network in which a plurality of systems operate.
-
Citations
30 Claims
-
1. An apparatus including one or more computer processors and a non-transient computer readable memory, wherein the one or more computer processors are configured pursuant to
programming code in a the non-transient computer readable memory to predict, for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, wherein the one or more computer processors are configured, for a given threat, to model a set of past observed threat events to obtain an estimate of at least one model parameter, and, in a Monte Carlo simulation of a given threat, to predict future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and to predict a distribution of future threat events by repeating the simulation using a plurality of variables; - and
wherein the apparatus is further configured to determine an expected downtime of each of said systems in dependence upon said predicted future threat activity and to determine a financial loss for each of a plurality of operational processes dependent on the downtimes of each of said systems and to add the financial losses for said plurality of processes so as to obtain a combined financial loss arising from the predicted future threat activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- and
-
25. A computer-implemented method, the method being performed by a computer system having one or more computer processors and a non-transient computer readable memory, the one or more computer processors being configured pursuant to programming code in the non-transient computer readable memory, the method comprising:
- predicting, for each of a plurality of threats, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate,
wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses; wherein for each given threat the method comprises;
modelling a set of past observed threat events to obtain an estimate of at least one model parameter;performing a Monte Carlo simulation of the given threat by;
predicting future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and predicting a distribution of future threat events by repeating the simulation using a plurality of variables; andwherein determining an expected downtime of each system in dependence upon said predicted future threat activity; determining a financial loss for each of a plurality of operational processes dependent on the downtimes of the systems; adding the financial losses for the plurality of processes to obtain a combined financial loss arising from the future threat activity. - View Dependent Claims (26, 27, 28)
- predicting, for each of a plurality of threats, future threat activity using a Monte Carlo method based on stochastic modelling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate,
-
29. A non-transitory computer readable medium having a computer program thereon, which when executed by a computer system having one or more computer processors and a non-transient computer readable memory, causes the computer system to predict, for each of a plurality of threats, future threat activity a Monte Carlo method based on stochastic modelling of past observed threat events capable of affecting at least one computer network in which a plurality of systems operate, wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses;
-
wherein execution of the computer program causes the computer system to perform, for each given threat, steps comprising; modelling a set of past observed threat events to obtain an estimate of at least one model parameter; performing a Monte Carlo simulation of the given threat by; predicting future threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable, and predicting a distribution of future threat events by repeating the simulation using a plurality of variables; and wherein determining an expected downtime of each system in dependence upon said predicted future threat activity; determining a financial loss for each of a plurality of operational processes dependent on the downtimes of the systems; adding the financial losses for the plurality of processes to obtain a combined financial loss arising from the future threat activity. - View Dependent Claims (30)
-
Specification