System and method of cyber threat intensity determination and application to cyber threat mitigation
Abstract
A security system comprising a computer, a memory, a data store comprising a plurality of consensus evaluations and a plurality of cyber threat analyst ratings, and an application stored in the memory. When executed by the computer, the application generates a cyber threat report that identifies a cyber threat intent and a cyber threat technology, receives from a cyber threat analyst an input of a cyber threat frequency score, an input of a cyber threat likelihood score, and an input of a cyber threat capability score, and generates a cyber threat intensity based on the scores and based on a cyber threat analyst rating stored in the data store and associated with the cyber threat analyst inputting the scores, whereby the cyber threat report and the cyber threat intensity are used to select cyber risk mitigation actions to economically manage the cyber risk of an enterprise or organization.
23 Claims
1. A security system, comprising:
a computer system;
a memory accessible to the computer system;
a data store comprising a plurality of consensus evaluations and a plurality of cyber threat analyst ratings; and
an application stored in the memory that, when executed by the computer system;
generates a cyber threat report based on user inputs, wherein the report comprises an identification of a cyber threat intent and the identification of a cyber threat technology,
receives from a cyber threat analyst an input of a cyber threat frequency score associated with a set of cyber threat intelligence, an input of a cyber threat likelihood score associated with the set of cyber threat intelligence, and an input of a cyber threat capability score associated with the set of cyber threat intelligence, and
generates a cyber threat intensity based on the cyber threat frequency score, based on the cyber threat likelihood score, based on the cyber threat capability score, and based on a cyber threat analyst rating of the plurality of cyber threat analyst ratings stored in the data store, wherein the cyber threat analyst rating indicates at least one accuracy of the cyber threat analyst in scoring at least one of a cyber threat frequency, a cyber threat likelihood, or a cyber threat capability, and wherein the cyber threat intensity is different depending on the cyber threat analyst rating,
wherein the cyber threat report and the cyber threat intensity are used to select one or more cyber risk mitigation actions to manage a cyber risk of an enterprise or organization.
3. A method of mitigating cybercrime risk, comprising:
determining a cyber threat analyst rating based on evaluating a scoring accuracy of a cyber threat analyst to score at least one of a cyber threat frequency, a cyber threat likelihood, and a cyber threat capability based on an evaluation set of cyber threat intelligence, wherein the cyber threat analyst rating indicates at least one accuracy of the cyber threat analyst in scoring the at least one of the cyber threat frequency, the cyber threat likelihood, or the cyber threat capability;
receiving, by an application stored in a memory and executable by a processor, from the cyber threat analyst, an input of a cyber threat frequency score associated with a set of cyber threat intelligence, an input of a cyber threat likelihood score associated with the set of cyber threat intelligence, and an input of a cyber threat capability score associated with the set of cyber threat intelligence;
determining, by the application, a cyber threat intensity based on the cyber threat frequency score, on the cyber threat likelihood score, and on the cyber threat capability score associated with the set of threat intelligence and based on the cyber threat analyst rating, wherein the cyber threat intensity is different depending on the cyber threat analyst rating; and
deploying at least one electronic countermeasure to mitigate a cybercrime risk associated with the set of cyber threat intelligence based at least in part on the cyber threat intensity.
12. A security system, comprising:
a computer system;
a memory accessible to the computer system; and
an application stored in the memory that, when executed by the computer system;
accesses a cyber threat report including a cyber threat assessment generated by a cyber threat analyst, the cyber threat assessment including, for each of a plurality of identified cyber threats, one or more quantified components each comprising a score determined by the cyber threat analyst, the cyber threats potentially actualized as cyber attacks against any of a plurality of organizations;
generates an evaluation of the cyber threats based on the cyber threat assessment and based on a cyber threat analyst rating of the cyber threat analyst accessed from a data store, wherein the cyber threat analyst rating indicates at least one accuracy of the cyber threat analyst in assessing the cyber threats, and wherein the evaluation of the cyber threats is different depending on the cyber threat analyst rating; and
generates a cyber threat risk to an organization of the plurality of organizations based on the evaluation of the cyber threats and based on technology deployed by the organization, the cyber threat risk being provided by the application for use in selecting one or more cyber risk mitigation actions to manage the cyber risk of the organization.
19. A method of mitigating cybercrime risk, comprising:
accessing, by an application stored in a memory and executable by a processor, one or more stored scores regarding a cyber threat determined by an analyst and a rating of the analyst, wherein the rating of the analyst indicates at least one accuracy of the analyst in scoring each of a plurality of standard cyber threats;
generating, by the application, an evaluation of the cyber threat to an organization based on the one or more stored scores and based on the rating of the analyst, wherein the evaluation of the cyber threat is different depending on the rating of the analyst; and
deploying at least one electronic countermeasure to mitigate the cyber threat based at least in part on the evaluation of the cyber threat.
Specification