Diversity analysis with actionable feedback methodologies
Abstract
Various embodiments of the present technology include methods of assessing risk of a cyber security failure in a computer network of an entity. Various embodiments also include automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy, automatically recommending, based on the assessed risk, computer network changes to reduce the assessed risk, and providing one or more recommended computer network changes to reduce the assessed risk. Various embodiments further include enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed risk to the entity, determining that the entity has enacted at least a portion of the recommended computer network changes, and in response, automatically reassessing the risk of a cyber security failure based on the enacted recommended computer network changes.
26 Claims
1. A method, comprising:
- assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
- based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
- determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
- dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.

Dependent claims: 2 through 24.
25. A system, comprising:
- a processor; and
- a memory communicatively coupled with the processor, the memory storing instructions which when executed by the processor performs a method comprising:
  - assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
  - based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
  - determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
  - dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.
26. A method, comprising:
- receiving an assessment of risk in a computer network of an entity from a computer agent, wherein assessment of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessment of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
- based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
- determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
- dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.
Specification