Method for the continuous calculation of a cyber security risk index
Abstract
A method for assessing a cyber security risk, the method comprising the steps of: obtaining cyber security precursor information from a plurality of sources, wherein the cyber security precursor information can be obtained from one or more online or offline sources; normalizing the obtained cyber security precursor information to a common information model; generating, from the normalized cyber security precursor information, one or more events; producing, from the one or more generated events, one or more facts; calculating a plurality of risk indicators from the one or more facts; normalizing the plurality of risk indicators to a common model; calculating, using the normalized plurality of risk indicators, one or more cyber risk index component scores; and calculating, using the one or more cyber risk index component scores, a cyber risk indicator index.
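The pipeline described in the abstract, as an added sketch (not code from the patent or its assignee): constructed sensor records are normalized by data source type, turned into events, aggregated into facts that reference their contributing events, scored by a time-series indicator, and rolled up into per-source component scores and one index. The record fields, the ratio-to-baseline indicator, the `SCALE` clamp and the `WEIGHT` values are all assumptions, since the text specifies no formulas.

```python
from collections import defaultdict
from statistics import mean

# Constructed sensor output: (data source type, native record); schemas differ.
RAW = ([("netflow", {"hour": h, "flag": "scan"}) for h in (0, 1, 2, 3, 3, 3, 3)]
       + [("authlog", {"time": f"0{h}:15", "msg": "login_failed"})
          for h in (0, 0, 1, 1, 2, 2, 3, 3, 3)])
# Assumed per-source-type normalizers onto a common model: (hour, event type).
NORMALIZE = {"netflow": lambda r: (r["hour"], r["flag"]),
             "authlog": lambda r: (int(r["time"][:2]), r["msg"])}
SCALE = {"netflow": 4.0, "authlog": 4.0}   # assumed: ratio that maps to score 1.0
WEIGHT = {"netflow": 0.5, "authlog": 0.5}  # assumed component weights

def make_events(raw):
    """Normalize each record by its source type and emit events with ids."""
    events = []
    for i, (source, rec) in enumerate(raw):
        hour, etype = NORMALIZE[source](rec)
        events.append({"id": i, "source": source, "hour": hour, "type": etype})
    return events

def make_facts(events):
    """One fact per (source, type, hour): a count plus the contributing event ids."""
    facts = defaultdict(lambda: {"count": 0, "event_ids": []})
    for e in events:
        fact = facts[(e["source"], e["type"], e["hour"])]
        fact["count"] += 1
        fact["event_ids"].append(e["id"])
    return dict(facts)

def indicators(facts):
    """Per fact type: latest hourly count over the prior mean, scaled to [0, 1]."""
    series = defaultdict(dict)
    for (source, ftype, hour), fact in facts.items():
        series[(source, ftype)][hour] = fact["count"]
    out = {}
    for (source, ftype), by_hour in series.items():
        *earlier, latest = sorted(by_hour)
        baseline = mean(by_hour[h] for h in earlier) if earlier else 1
        out[(source, ftype)] = min(by_hour[latest] / baseline / SCALE[source], 1.0)
    return out

def risk_index(raw):
    """Component score per data source type, then a weighted 0-100 index."""
    by_source = defaultdict(list)
    for (source, _), value in indicators(make_facts(make_events(raw))).items():
        by_source[source].append(value)
    components = {s: mean(v) for s, v in by_source.items()}
    return components, 100 * sum(WEIGHT[s] * c for s, c in components.items())
```

Because each fact keeps its `event_ids`, an analyst can trace any component score back to the normalized events that produced it.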
29 Claims
1. A method for assessing a cyber security risk, the method comprising the steps of:
- obtaining cyber security precursor information from a plurality of sensors, wherein the cyber security precursor information is obtained from one or more online or offline sources;
- normalizing the obtained cyber security precursor information from each sensor to a common information model based on a data source type identified for each sensor;
- generating, from the normalized cyber security precursor information, a plurality of events;
- computing, from the plurality of generated events, a plurality of facts, each fact comprising a reference to a set of events or facts that contributed to computing the fact;
- calculating a plurality of risk indicators from the plurality of facts, each risk indicator calculated based on a time-series analysis of a type of the fact;
- normalizing the plurality of risk indicators to a common model based on normalizing a plurality of facts used to calculate each risk indicator according to a data source type shared across events or analytic facts used to calculate each risk indicator;
- calculating, using the plurality of normalized facts for each risk indicator, a plurality of cyber risk index component scores for each data source type; and
- calculating, using the plurality cyber risk index component scores, a cyber risk indicator index.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computerized system configured to assess a cyber security risk, the system comprising:
- a plurality of sensors, the plurality of sensors configured to obtain cyber security precursor information;
- an event database configured to store one or more events;
- a fact database configured to store one or more facts; and
- a processor programmed to perform the steps of;
  - receiving the cyber security precursor information from the plurality of sensors;
  - normalizing the obtained cyber security precursor information from each sensor to a common information model based on a data source type identified for each sensor;
  - generating, from the normalized cyber security precursor information, the plurality of events;
  - storing the plurality of generated events in the event database;
  - computing, from the plurality of generated events, a plurality of facts, each fact comprising a reference to a set of events or facts that contributed to computing the fact;
  - storing the plurality of facts in the facts database;
  - calculating a plurality of risk indicators from the plurality of facts, each risk indicator calculated based on a time-series analysis of a type of the fact;
  - normalizing the plurality of risk indicators to a common model based on normalizing a plurality of facts used to calculate each risk indicator according to a data source type shared across events or analytic facts used to calculate each risk indicator;
  - calculating, using the plurality of normalized facts for each risk indicator, a plurality of cyber risk index component scores for each data source type; and
  - calculating, using the plurality cyber risk index component scores, a cyber risk indicator index.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
22. A computer system configured to assess a cyber security risk, the computer system comprising:
- a non-transitory computer-readable storage medium configured to store data collected by the computer system and comprising computer-executable instructions;
- a processor programmed to execute the computer-executable instructions resulting in the computer system performing the steps of;
  - receiving cyber security precursor information from a plurality of sensors;
  - normalizing the obtained cyber security precursor information from each sensor to a common information model based on a data source type identified for each sensor;
  - generating, from the normalized cyber security precursor information, a plurality of events;
  - storing the plurality of generated events in the non-transitory computer-readable storage medium;
  - computing, from the plurality of generated events, a plurality of facts, each fact comprising a reference to a set of events or facts that contributed to computing the fact;
  - storing the plurality of facts in the non-transitory computer-readable storage medium;
  - calculating a plurality of risk indicators from the plurality of facts, each risk indicator calculated based on a time-series analysis of a type of the fact;
  - normalizing the plurality of risk indicators to a common model based on normalizing a plurality of facts used to calculate each risk indicator according to a data source type shared across events or analytic facts used to calculate each risk indicator;
  - calculating, using the plurality of normalized facts for each risk indicator, a plurality of cyber risk index component scores for each data source type; and
  - calculating, using the plurality cyber risk index component scores, a cyber risk indicator index.
Dependent claims: 23, 24, 25, 26, 27, 28, 29
Specification