Apparatus and method for assessing financial loss from threats capable of affecting at least one computer network
First Claim
1. Apparatus for assessing financial loss from threats capable of affecting at least one computer network, a network includes a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to,predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target;
- determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency;
determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems;
add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.
0 Assignments
0 Petitions
Accused Products
Abstract
Apparatus for assessing threat to at least one computer network in which a plurality of systems (301, 302, 303, 304, 305, . . . 30n) operate is configured to determine predicted threat activity (13), to determine expected downtime of each system in dependence upon said predicted threat activity, to determine loss (12A, 12B, 12C, 12D, 12E, . . . , 12m) for each of a plurality of operational processes (31A, 31B, 31C, 31D, 31E, . . . 31m dependent on the downtimes of the systems, to add losses for the plurality of processes so as to obtain a combined loss (12SUM) arising from the threat activity.
-
Citations
16 Claims
-
1. Apparatus for assessing financial loss from threats capable of affecting at least one computer network, a network includes a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to,
predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target; -
determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency; determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems; add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for assessing financial loss from threats capable of affecting at least one computer network, a network includes a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the apparatus including one or more computer processors and a computer readable memory in which programming code is stored, wherein the one or more computer processors are configured pursuant to programming code in the computer readable memory to,
predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target; -
determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency; determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems; add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity. - View Dependent Claims (14, 15)
-
-
16. A non-transitory computer readable memory storing a computer program which when executed by a computer system, causes the computer system to perform a method of assessing financial loss from threats capable of affecting at least one computer network, a network include a plurality of interconnected networks, the threats including at least one electronic threat, the computer network comprising a plurality of IT systems, an IT system defined in terms of physical location, and a plurality of operational business processes operating on the plurality of IT systems, the method comprising:
-
predict for each of a plurality of threats capable of affecting at least one computer network in which a plurality of systems operate, future threat activity based on past observed threat activity wherein the plurality of threats includes a plurality of electronic threats and the plurality of electronic threats includes a plurality of computer viruses, Trojan horses, computer worms, hacking and denial of service attacks, to receive observed threat data from a database, to extrapolate future threat event frequency and to produce a profile of predicted threat activity, wherein the observed threat data includes observed threats and, for each observed threat, one or more targets for the observed threat and a severity score for each target; determine expected downtime of each system of the plurality of IT systems independence upon said predicted threat activity including the severity scores and extrapolated future event frequency; determine financial loss for each of the plurality of operational business processes dependent on the downtimes of the IT systems; add financial losses for the plurality of business processes to obtain a combined financial loss arising from the threat activity.
-
Specification