Apparatus and method for assessing financial loss from cyber threats capable of affecting at least one computer network
Abstract
Apparatus and method for assessing financial loss posed by cyber threats capable of affecting at least one computer network in which a plurality of systems operate based on statistical modelling of cyber threat events to determine predicted threat activity, to determine expected downtime of each system in dependence upon said predicted cyber threat activity, to determine financial loss for each of a plurality of operational processes dependent upon the downtimes of the systems, to add financial losses for the plurality of processes so as to obtain a combined financial loss arising from the cyber threat activity, to determine pricing of insurance, to determine cost benefit analysis of computer network security upgrades.
15 Claims
1. Apparatus for assessing financial loss from cyber threats capable of affecting at least one computer network, the threat including at least one electronic threat, the computer network comprising a plurality of IT systems and a plurality of business processes operating on the plurality of IT systems, the apparatus comprising at least one processor configured pursuant to programming code in a non-transitory computer readable memory coupled to the processor, the non-transitory computer memory storing instructions executable by the processor that cause the processor to:
- predict future cyber threat activity using a Monte Carlo method based on stochastic modeling of actual past observed computer network cyber threat activity, to receive observed cyber threat data from a database, the list of observed cyber threats including information, for each threat, of identification of at least one computer system targeted, to extrapolate future event frequency, to produce a profile of predicted cyber threat activity, wherein for each actual observed cyber threat on the computer network, an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence, a target (or targets) for the threat and a severity score for the (each target) are included in the cyber threat data within the database,
- output the predicted future threat activity to one or more firewalls to improve their accuracy in correctly identifying cyber threats actually observed on the one or more computer networks to improve the accuracy of the apparatus and stochastic modeling of assessing financial loss from cyber threats on an ongoing basis,
- determine expected downtime of each system of the plurality of IT systems in dependence upon said predicted threat activity including the severity scores and extrapolated future event frequency,
- determine loss for each of the plurality of business processes dependent on the downtimes of the IT systems, and
- add losses for the plurality of business processes so as to obtain a combined financial loss arising from the cyber threat activity.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-implemented method, the method being performed by a computer system having one or more computer processors and a non-transitory computer readable memory in which programming code is stored, whereupon execution of the programming code by one or more computer processors the computer system performs operations comprising:
- predicting future cyber threat activity, for each of a plurality of computer network cyber threats, using a Monte Carlo method based on stochastic modeling of actual past observed computer network cyber threat activity, to receive observed cyber threat data from a database, the list of observed cyber threats including information, for each threat, of identification of at least one computer system targeted, to extrapolate future event frequency, to produce a profile of predicted cyber threat activity, wherein for each actual observed cyber threat on the computer network, an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence, a target (or targets) for the threat and a severity score for the (each target) are included in the cyber threat data within the database,
- output the predicted future threat activity to one or more firewalls to improve their accuracy in correctly identifying cyber threats actually observed on the one or more computer networks to improve the accuracy of the apparatus and stochastic modeling of assessing financial loss from cyber threats on an ongoing basis,
- wherein for each given threat the method comprises;
- modeling a set of past observed computer network cyber threat events to obtain an estimate of at least one model parameter;
- performing a Monte Carlo simulation of the given computer network cyber threat by;
- predicting future computer network cyber threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable according to a predefined distribution and to use said at least one variable in the stochastic model and
- predicting a distribution of future computer network cyber threat events by repeating the simulation using a plurality of variables,
- determining expected downtime of each IT system in dependence upon said predicted future computer network cyber threat activity,
- determining financial loss for each of a plurality of operational processes dependent on the downtimes of the IT systems
- adding losses for the plurality of processes to obtain a combined financial loss arising from the future computer network cyber threat activity.

Dependent claims: 12, 14
13. A computer readable medium having a computer program thereon, which when executed by a computer system having one or more computer processors and a non-transitory computer readable memory, causes the computer system to perform steps comprising:
- to predict, for each of a plurality of computer network cyber threats, future cyber threat activity using a Monte Carlo method based on stochastic modeling of actual past observed computer network cyber threat activity, to receive observed cyber threat data from a database, the list of observed cyber threats including information, for each threat, of identification of at least one computer system targeted, to extrapolate future event frequency, to produce a profile of predicted cyber threat activity, wherein for each actual observed cyber threat on the computer network, an identifier, a name, a description of the threat, a temporal profile specifying frequency of occurrence, a target (or targets) for the threat and a severity score for the (each target) are included in the cyber threat data within the database,
- output the predicted future threat activity to one or more firewalls to improve their accuracy in correctly identifying cyber threats actually observed on the one or more computer networks to improve the accuracy of the apparatus and stochastic modeling of assessing financial loss from cyber threats on an ongoing basis;
- wherein execution of the computer program causes the computer system to perform, for each given threat, steps further comprising;
- modeling a set of past observed computer network cyber threat events to obtain an estimate of at least one model parameter;
- performing a Monte Carlo simulation of the given computer network cyber threat by;
- predicting future computer network cyber threat events using the at least one model parameter and a stochastic model using a projection of at least one model parameter which is based on the estimate of at least one model parameter and on a randomly-drawn variable according to a predefined distribution and to use said at least one variable in the stochastic model and
- predicting a distribution of future computer network cyber threat events by repeating the simulation using a plurality of variables.

Dependent claims: 15
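
The pipeline recited in claims 11 and 13 (estimate a model parameter from past events, project it with a randomly drawn variable, simulate future events repeatedly, then convert events to downtime and downtime to summed process losses) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the Poisson event model, the normal projection of the rate, the downtime formula, and all names and sample data are assumptions.

```python
import math
import random
import statistics

# Constructed sample data: past monthly event counts per observed threat,
# with each target system and an assumed severity score in [0, 1].
THREATS = [
    {"id": "T1", "name": "worm", "monthly_counts": [4, 6, 5, 7, 3, 5],
     "targets": {"mail": 0.2, "web": 0.5}},
    {"id": "T2", "name": "dos", "monthly_counts": [1, 0, 2, 1, 0, 2],
     "targets": {"web": 0.8}},
]
# Assumption: a process loses cost_per_hour for every hour of downtime
# on each IT system it depends on.
PROCESSES = {"orders": {"systems": ["web"], "cost_per_hour": 1000.0},
             "support": {"systems": ["mail", "web"], "cost_per_hour": 200.0}}
HOURS_PER_EVENT = 2.0  # assumption: downtime per event = severity * this

def poisson(rng, lam):
    """Draw a Poisson variate (Knuth's method, adequate for small rates)."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1

def simulate_once(rng, months=12):
    """One Monte Carlo run: predicted downtime hours per IT system."""
    downtime = {}
    for threat in THREATS:
        counts = threat["monthly_counts"]
        rate = statistics.mean(counts)                  # estimated parameter
        stderr = statistics.stdev(counts) / math.sqrt(len(counts))
        lam = max(0.0, rng.gauss(rate, stderr))         # projected parameter
        events = sum(poisson(rng, lam) for _ in range(months))
        for system, severity in threat["targets"].items():
            hours = events * severity * HOURS_PER_EVENT
            downtime[system] = downtime.get(system, 0.0) + hours
    return downtime

def combined_loss(downtime):
    """Per-process losses from system downtimes, summed across processes."""
    return sum(p["cost_per_hour"] * sum(downtime.get(s, 0.0) for s in p["systems"])
               for p in PROCESSES.values())

def loss_distribution(runs=2000, seed=1):
    """Repeat the simulation to obtain a distribution of combined loss."""
    rng = random.Random(seed)
    losses = sorted(combined_loss(simulate_once(rng)) for _ in range(runs))
    return {"mean": statistics.fmean(losses), "p95": losses[int(0.95 * runs)]}
```

Reporting a tail percentile alongside the mean is what makes the repeated simulation useful for the insurance pricing and upgrade cost-benefit uses named in the abstract; a single expected-value calculation would hide that spread.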