Diversity analysis with actionable feedback methodologies

US 10,341,376 B2
Filed: 04/14/2016
Issued: 07/02/2019
Est. Priority Date: 12/29/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;

based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;

determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and

dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the present technology include methods of assessing risk of a cyber security failure in a computer network of an entity. Various embodiments also include automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy, automatically recommending, based on the assessed risk, computer network changes to reduce the assessed risk, and providing one or more recommended computer network changes to reduce the assessed risk. Various embodiments further include enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed risk to the entity, determining that the entity has enacted at least a portion of the recommended computer network changes, and in response, automatically reassessing the risk of a cyber security failure based on the enacted recommended computer network changes.

112 Citations

26 Claims

1. A method, comprising:
- assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
  
  based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
  
  determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
  
  dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1, wherein the cyber security failure comprises a cyber attack.
  - 3. The method of claim 1, wherein the cyber security failure comprises a privacy incident involving sensitive information.
  - 4. The method of claim 1, wherein the computer agent is further configured to perform at least one of collecting information from the computer network of the entity, and analyzing information from the computer network of the entity.
  - 5. The method of claim 1, further comprising:
    - based on the assessing of the risk, plotting one or more of a plurality of features of the entity and other members of a peer group of the entity, the plotting being configured to visually illustrate the risk; and
      
      the automatically recommending of computer network changes being based on the plotting.
  - 6. The method of claim 5, wherein the plotting is performed in a matrix that visually illustrates the risk.
  - 7. The method of claim 6, further comprising:
    - in response to the determining that the entity has enacted at least a portion of the recommended computer network changes, initiating the change or the setting to the at least one element of policy criteria of the cyber security policy.
  - 8. The method of claim 5, wherein the assessing of the risk further comprises assessing, using a plurality of sophistication elements for the entity, a sophistication for the entity with respect to preventing the cyber security failure, the sophistication being one of the one or more features of the entity.
  - 9. The method of claim 1, wherein the actor is a hacker.
  - 10. The method of claim 1, wherein the assessing of the risk further comprises:
    - assessing, using a plurality of sophistication elements for the entity, a sophistication for the entity with respect to preventing the cyber security failure, the sophistication being one of the plurality of features of the entity.
  - 11. The method of claim 10, further comprising calculating a composite score from the motivation score and the sophistication score, the motivation score representing a plurality of motivation elements, the sophistication score representing a plurality of sophistication elements.
  - 12. The method of claim 11, further comprising:
    - creating an aggregate risk score of a portfolio of entities based on a plurality of motivation scores including the motivation score and a plurality of sophistication scores including the sophistication score; and
      
      benchmarking over time at least one of the sophistication score, the motivation score, the composite score, and the aggregate risk score.
  - 13. The method of claim 12, further comprising determining a position of the entity relative to the aggregate risk score of the portfolio of entities, the portfolio of entities belonging to at least one of an industry group, a geographic location, a company size, a technology sector, or any combinations thereof.
  - 14. The method of claim 12, wherein the assessed risk is a function of the aggregate risk score of the portfolio of entities.
  - 15. The method of claim 12, further comprising:
    - comparing the assessed risk to the aggregate risk score; and
      
      automatically generating and recommending additional computer network changes to reduce the assessed risk.
  - 16. The method of claim 12, further comprising identifying clusters of sophistication elements or motivation elements shared between two or more entities of the portfolio of entities, the clusters of sophistication elements or motivation elements being associated with an increase in risk.
  - 17. The method of claim 16, further comprising:
    - identifying additional sophistication elements or motivation elements for at least one of the two or more entities of the portfolio of entities that are not shared with the portfolio of entities, the additional sophistication elements or motivation elements being associated with another increase in the risk; and
      
      generating recommendations for the at least one of the two or more entities of the portfolio of entities that will cause a decrease in the risk.
  - 18. The method of claim 10, further comprising estimating at least one impact to the entity for a simulated cyber security failure, the simulated cyber security failure testing the sophistication of the entity and being affected by the motivation regarding the entity.
  - 19. The method of claim 18, wherein the estimated the at least one impact to the entity for the simulated cyber security failure is dynamically calculated based on the determining that the entity has enacted at least a portion of the recommended computer network changes.
  - 20. The method of claim 11, further comprising providing attribution for a change in at least one of the composite, motivation, or sophistication scores, the attribution indicating the change in an underlying data set to effect the change in the at least one of the composite, motivation, or sophistication scores.
  - 21. The method of claim 10, wherein the one or more recommended computer network changes affect at least one of the motivation and the sophistication of the entity in such a way that the assessed risk is reduced.
  - 22. The method of claim 1, wherein at least one of the one or more recommended computer network changes is implemented automatically without intervention of the entity.
  - 23. The method of claim 1, further comprising:
    - in response to determining that the entity has enacted at least a portion of the recommended computer network changes,generating subsequent recommended computer network changes if the risk has not decreased sufficiently to meet a threshold.
  - 24. The method of claim 1, wherein the cyber security policy is at least one of:
    - a cyber security policy from another entity; and
      
      a product warranty for first and/or third party costs that the entity purchases from at least one of a networking, security product, and services provider.

25. A system, comprising:
- a processor; and
  
  a memory communicatively coupled with the processor, the memory storing instructions which when executed by the processor performs a method comprising;
  
  assessing risk in a computer network of an entity, using a computer agent, wherein assessing of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessing of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
  
  based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
  
  determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
  
  dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.

26. A method, comprising:
- receiving an assessment of risk in a computer network of an entity from a computer agent, wherein assessment of the risk is based on information, collected by the computer agent, wherein the collected information is other than information of an actual cyber security failure of the entity, and wherein the assessment of the risk comprises assessing, using a plurality of factors regarding the entity, a likelihood of an actor to initiate the cyber security failure, wherein assessing the risk includes determining at least one of a motivation score and a sophistication score, wherein the motivation score comprises a measure indicative of a motivation of the actor to initiate the cyber security failure, and wherein the sophistication score comprises a measure indicative of a quality of a defense of the entity with respect to the cyber security failure;
  
  based on the assessed risk, automatically determining a set of computer network changes that could be made, wherein determining the set of computer network changes that could be made includes determining that the assessed risk would be lowered in the event that at least a portion of the set of computer network changes is implemented by the entity, and in response to determining the set of computer network changes that could be made, automatically recommending the set of computer network changes to the entity;
  
  determining that the entity has enacted at least a portion of the set of recommended computer network changes, and in response, automatically reassessing the risk in the computer network of the entity based on the enacted computer network changes; and
  
  dynamically re-determining, based on the reassessed risk, a value associated with at least one element of policy criteria of a cyber security policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyence LLC. (Guidewire Software Incorporated)
Original Assignee
Guidewire Software Incorporated
Inventors
Ng, George Y., Parthasarathi, Arvind
Primary Examiner(s)
Le, Khoi V

Application Number

US15/099,297
Publication Number

US 20160234247A1
Time in Patent Office

1,174 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 40/06   Asset management; Financial...

G06Q 40/08   Insurance

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Diversity analysis with actionable feedback methodologies

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Diversity analysis with actionable feedback methodologies

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links