System and method for cyber attacks analysis and decision support
First Claim
1. A method for cyber attack risk assessment, the method comprising using at least one hardware processor for:
(i) continuously collecting global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;
(ii) collecting organizational profile data, comprising:
  (a) multiple assets, each relevant to at least one of the attacker objectives, and
  (b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and
(iii) continuously computing multiple cyber attack risk scores, comprising an enterprise cyber attack risk score, and an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to:
  (a) the attack methods directed at the attacker objectives relevant to the asset,
  (b) the defensive controls provided to protect the asset, and
  (c) a control maturity score representing the capability of the defensive controls to protect the asset;
wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,
wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,
wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,
wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method,
wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors,
wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack,
wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives,
wherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls, and the multiple control groups, and
wherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
Abstract
A method for cyber attack risk assessment is disclosed. The method uses at least one hardware processor for: continuously collecting, from a networked resource, cyber attack data having multiple attack methods directed at multiple objectives. The method also collects organizational profile data, having: assets, each relevant to at least one of the objectives, and defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods. The method continuously computes: an enterprise risk score, and an asset risk score for each of the assets. Each asset risk score is computed with respect to: the attack methods directed at the objectives relevant to the asset, the defensive controls provided to protect the asset, and a maturity score representing the capability of the defensive controls to protect the asset. The method also continuously displays a dynamic rendition of the risk scores.
13 Claims
3. A non-transitory computer-readable storage medium (CRM) comprising computer-executable code for cyber attack risk assessment, the code configured to:
(i) continuously collect global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;
(ii) collect organizational profile data, comprising:
  (a) multiple assets, each relevant to at least one of the attacker objectives, and
  (b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and
(iii) continuously compute multiple cyber attack risk scores, comprising:
  (a) an enterprise cyber attack risk score,
  (b) an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to:
    (i) the attack methods directed at the attacker objectives relevant to the asset,
    (ii) the defensive controls provided to protect the asset, and
    (iii) a control maturity score representing the capability of the defensive controls to protect the asset;
wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,
wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,
wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,
wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method,
wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors;
wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack;
wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives;
wherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls, and the multiple control groups, and
wherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
Dependent claims: 4, 5, 6.
7. A system for cyber attack risk assessment, the system comprising:
at least one hardware processor;
a network component; and
a non-transitory computer-readable storage medium comprising computer-executable code for cyber attack risk assessment, the code configured to:
(i) continuously collect, using the network component, global cyber attack data from a networked resource, wherein the global cyber attack data comprises multiple attacks performed using multiple attack methods directed at multiple attacker objectives;
(ii) collect organizational profile data, comprising:
  (a) multiple assets, each relevant to at least one of the attacker objectives, and
  (b) multiple defensive controls, each configured to protect at least one of the assets by resisting one or more of the attack methods; and
(iii) continuously compute multiple cyber attack risk scores, comprising:
  (a) an enterprise cyber attack risk score, and
  (b) an asset cyber attack risk score for each of the assets, wherein each asset cyber attack risk score is computed with respect to:
    (i) the attack methods directed at the attacker objectives relevant to the asset,
    (ii) the defensive controls provided to protect the asset, and
    (iii) a control maturity score representing the capability of the defensive controls to protect the asset;
wherein the control maturity score is computed with respect to a control group comprising a set of the defensive controls that protect against a specific one of the attack methods,
wherein the control maturity score is computed as a function of a policy fulfillment level for each of the defensive controls in the control group,
wherein continuously computing multiple cyber attack risk scores further comprises calculating a probability of success parameter (PoS) that reflects the capability of a specific one of the attack methods to break through the control groups,
wherein the PoS parameter for an attack method is computed as the minimum PoS parameter for multiple control groups associated with the attack method,
wherein the multiple attacks are implemented by multiple attackers via multiple attack vectors;
wherein each vector includes a set of the multiple attack methods that are required to succeed in the attack,
wherein each vector has a many-to-many relationship with the multiple attack methods, and the multiple attacker objectives, and
wherein the multiple attack methods have a many-to-many relationship with the multiple defensive controls and the multiple control groups, and
wherein the enterprise cyber attack risk score is determined as an aggregation of multiple PoS parameters for the multiple attack vectors, the multiple attack objectives and the multiple attackers.
Dependent claims: 8, 9, 10, 11, 12, 13.
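The claims fix only part of the scoring model: maturity is "a function of" policy fulfillment, the PoS of an attack method is the minimum over its control groups, and the enterprise score is "an aggregation" over vectors, objectives and attackers. The following is an added illustration, not code from the patent or its assignee; the sample data is constructed, and mean fulfillment for maturity, PoS = 1 - maturity, independent multiplication along a vector, "any vector succeeds" aggregation per objective, and max over assets (with attackers folded into the vectors) are all assumptions chosen to make the structure runnable.

```python
# Constructed sample data (illustrative, not from the patent): policy fulfillment
# levels (0-1) per control, in control groups keyed by the attack method resisted.
CONTROL_GROUPS = {
    "phishing": {"email-filtering": [0.9, 0.6], "user-awareness": [0.4]},
    "credential-theft": {"mfa": [1.0, 0.8], "password-policy": [0.5, 0.5]},
    "lateral-movement": {"segmentation": [0.3], "edr": [0.7, 0.9]},
}
# Attack vectors: each lists the attack methods that must all succeed.
VECTORS = {
    "spear-phish-to-domain": ["phishing", "credential-theft", "lateral-movement"],
    "stolen-creds": ["credential-theft", "lateral-movement"],
}
# Many-to-many links: objectives -> vectors that reach them; assets -> objectives.
OBJECTIVES = {"exfiltrate-data": ["spear-phish-to-domain", "stolen-creds"],
              "disrupt-ops": ["spear-phish-to-domain"]}
ASSETS = {"crm-db": ["exfiltrate-data"], "plant-hmi": ["disrupt-ops"]}


def maturity(fulfillment):
    """Control maturity score of a group: assumed mean policy fulfillment."""
    return sum(fulfillment) / len(fulfillment)


def group_pos(fulfillment):
    """Probability of success (PoS) against one group: assumed 1 - maturity."""
    return 1.0 - maturity(fulfillment)


def method_pos(method):
    """Claim 1: PoS of an attack method is the minimum PoS over its groups."""
    return min(group_pos(f) for f in CONTROL_GROUPS[method].values())


def vector_pos(vector):
    """A vector needs every method to succeed: assumed independent, so multiply."""
    p = 1.0
    for m in VECTORS[vector]:
        p *= method_pos(m)
    return p


def objective_pos(objective):
    """Aggregation is unspecified in the claim; assumed 'any vector succeeds'."""
    fail = 1.0
    for v in OBJECTIVES[objective]:
        fail *= 1.0 - vector_pos(v)
    return 1.0 - fail


def asset_risk(asset):
    """Asset risk score: worst objective relevant to the asset (assumed max)."""
    return max(objective_pos(o) for o in ASSETS[asset])


def enterprise_risk():
    """Enterprise score: assumed max over assets (attackers folded into vectors)."""
    return max(asset_risk(a) for a in ASSETS)
```

Because the method PoS takes the minimum over groups, raising fulfillment in an already strong group lowers a method's PoS, while a weak group only matters once it becomes the most mature one; that is the property a practitioner should check against their own risk model before adopting this aggregation.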
Specification