Apparatus and method for assessing financial loss from threats capable of affecting at least one computer network

US 9,418,226 B1
Filed: 02/07/2016
Issued: 08/16/2016
Est. Priority Date: 09/01/2010
Status: Active Grant

First Claim

Patent Images

1. Apparatus for assessing financial loss from threats capable of affecting at least one computer network, a network includes a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to,predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;

determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency;

determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems;

add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus for assessing threat to at least one computer network in which a plurality of systems (30₁, 30₂, 30₃, 30₄, 30₅, . . . 30_n) operate is configured to determine predicted threat activity (13), to determine expected downtime of each system in dependence upon said predicted threat activity, to determine loss (12_A, 12_B, 12_C, 12_D, 12_E, . . . , 12_m) for each of a plurality of operational processes (31_A, 31_B, 31_C, 31_D, 31_E, . . . 31_mdependent on the downtimes of the systems, to add losses for the plurality of processes so as to obtain a combined loss (12_SUM) arising from the threat activity.

Citations

16 Claims

1. Apparatus for assessing financial loss from threats capable of affecting at least one computer network, a network includes a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to,predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
- determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
  
  determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems;
  
  add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The apparatus according to claim 1, wherein the instructions comprise:
    - a first module configured to determine the predicted threat activity including for the at least one electronic threat, to receive observed threat data from a database, to extrapolate future event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
      
      a second module configured to determine the expected downtime of each IT system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency; and
      
      a third module configured to determine the loss for each of a plurality of business processes.
  - 3. The apparatus according to claim 2, wherein the third module is configured to add the financial losses for the plurality of business processes.
  - 4. The apparatus according to claim 1, wherein the apparatus is further configured to store at least one of the financial losses and the combined financial loss in a storage device.
  - 5. The apparatus according to claim 1, wherein the apparatus is configured to display at least one of the financial losses and the combined financial loss on a display device.
  - 6. The apparatus according to claim 1, further configured to output the predicted threat activity to a firewall.
  - 7. The apparatus according to claim 1, wherein loss is expressed as value at risk;
    - expected financial loss;
      
      quantified financial loss from disabled business processes;
      
      a priori organizational financial loss exposure.
  - 8. The apparatus according to claim 1, further configured to output a report of at least one of the predicted financial losses and the combined financial loss.
  - 9. The apparatus according to claim 1, wherein the observed list of threats includes, for each threat, information identifying at least one system.
  - 10. The apparatus according to claim 1, wherein the observed list of threats includes, for each threat, information identifying frequency of occurrence of the threat.
  - 11. The apparatus according to claim 10, wherein the frequency of occurrence of the threat includes at least one period of time and corresponding frequency of occurrence for the at least one period of time.
  - 12. The apparatus according to claim 1 wherein the plurality of IT systems include software systems, hardware systems, or a combination thereof.

13. A method for assessing financial loss from threats capable of affecting at least one computer network, a network includes a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to,predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
- determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
  
  determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems;
  
  add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.
- View Dependent Claims (14, 15)
- - 14. The method according to claim 13, further comprising:
    - storing at least one of the financial losses; and
      
      combined financial loss in a storage device.
  - 15. The method according to claim 13, further comprising:
    - displaying at least one of the financial losses and combined financial on a display device.

16. A non-transitory computer readable memory storing a computer program which when executed by a computer system, causes the computer system to perform a method of assessing financial loss from threats capable of affecting at least one computer network, a network include a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the method comprising:
- predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
  
  determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
  
  determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems;
  
  add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phillip King-Wilson
Original Assignee
Phillip King-Wilson
Inventors
King-Wilson, Phillip
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
Garcia, Gary

Application Number

US15/017,645
Time in Patent Office

191 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/34   Recording or statistical ev...

G06F 21/56   Computer malware detection ...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/14   for detecting or protecting...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

Apparatus and method for assessing financial loss from threats capable of affecting at least one computer network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for assessing financial loss from threats capable of affecting at least one computer network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links