CALCULATING QUANTITATIVE ASSET RISK
First Claim
1. A computer-implemented method, performed by data processing apparatus, comprising:
identifying a standardized vulnerability score for a particular vulnerability in a plurality of known vulnerabilities, wherein the standardized vulnerability score indicates a relative level of risk associated with the particular vulnerability relative to other vulnerabilities in the plurality of known vulnerabilities;
determining a vulnerability detection score indicating an estimated probability that a particular asset possesses the particular vulnerability;
determining a vulnerability composite score for the particular asset to the particular vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
identifying a countermeasure component score, wherein the countermeasure component score indicates an estimated probability that a countermeasure will mitigate risk associated with the particular vulnerability on the particular asset; and
determining a risk metric for the particular asset and the particular vulnerability from the vulnerability composite score and the countermeasure component score.
Dependent claims 2 to 19 depend from claim 1.
Abstract
A standardized vulnerability score is identified for a particular vulnerability in a plurality of known vulnerabilities, the standardized vulnerability score indicating a relative level of risk associated with the particular vulnerability relative to other vulnerabilities. A vulnerability detection score is determined that indicates an estimated probability that a particular asset possesses the particular vulnerability, and a vulnerability composite score is determined for the particular asset to the particular vulnerability, the vulnerability composite score derived from the standardized vulnerability score and the vulnerability detection score. A countermeasure component score is identified that indicates an estimated probability that a countermeasure will mitigate risk associated with the particular vulnerability on the particular asset. A risk metric for the particular asset and the particular vulnerability is determined from the vulnerability composite score and the countermeasure component score. In some instances, aggregate risk scores can be calculated from a plurality of calculated risk metrics.
28 Claims
20. Logic encoded in non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
identifying a standardized vulnerability score for a particular vulnerability in a plurality of known vulnerabilities, wherein the standardized vulnerability score indicates a relative level of risk associated with the particular vulnerability relative to other vulnerabilities in the plurality of known vulnerabilities;
determining a vulnerability detection score indicating an estimated probability that a particular asset possesses the particular vulnerability;
determining a vulnerability composite score for the particular asset to the particular vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
identifying a countermeasure component score, wherein the countermeasure component score indicates an estimated probability that a countermeasure will mitigate risk associated with the particular vulnerability on the particular asset; and
determining a risk metric for the particular asset and the particular vulnerability from the vulnerability composite score and the countermeasure component score.
21. A system comprising:
at least one processor device; at least one memory element; and a network monitor, adapted when executed by the at least one processor device to:
identify a standardized vulnerability score for a particular vulnerability in a plurality of known vulnerabilities, wherein the standardized vulnerability score indicates a relative level of risk associated with the particular vulnerability relative to other vulnerabilities in the plurality of known vulnerabilities;
determine a vulnerability detection score indicating an estimated probability that a particular asset possesses the particular vulnerability;
determine a vulnerability composite score for the particular asset to the particular vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
identify a countermeasure component score, wherein the countermeasure component score indicates an estimated probability that a countermeasure will mitigate risk associated with the particular vulnerability on the particular asset; and
determine a risk metric for the particular asset and the particular vulnerability from the vulnerability composite score and the countermeasure component score.
22. A method comprising:
receiving vulnerability definition data including, for each of a plurality of vulnerabilities, an indication of the vulnerability, an identification of one or more countermeasures that reduce a risk associated with possession of the vulnerability by an asset, an indication of a level of protection potentially afforded by each countermeasure for the vulnerability, and applicability information describing one or more configurations of assets to which the vulnerability applies;
receiving vulnerability detection data, countermeasure detection data, and configuration data for each of one or more assets, wherein the vulnerability detection data for each asset identifies vulnerabilities applicable to the asset, the countermeasure detection data for each asset identifies one or more countermeasures protecting the asset, and the configuration data for each asset describes a configuration of the asset; and
determining a respective risk metric for each of the one or more assets for each of the one or more vulnerabilities, wherein determining the risk metric includes, for each asset and each vulnerability:
identifying a standardized vulnerability score for the vulnerability, wherein the standardized vulnerability score indicates a relative level of risk associated with the vulnerability relative to other vulnerabilities in the plurality of vulnerabilities;
determining a vulnerability detection score for the asset from the vulnerability detection data for the asset;
determining a vulnerability composite score for the asset to the vulnerability, wherein the vulnerability composite score is derived from the standardized vulnerability score and the vulnerability detection score;
determining a countermeasure component score from the vulnerability definition data and the countermeasure detection data, wherein determining the countermeasure component score includes analyzing the level of protection afforded by each countermeasure identified both in the vulnerability definition data for the vulnerability and in the countermeasure detection data as protecting the asset; and
determining the risk metric for the asset and the vulnerability from the vulnerability composite score and the countermeasure component score.
Dependent claims 23 to 28 depend from claim 22.
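As an added illustration (not the patent's own code, and the claims fix no formulas), the following Python models the three inputs of claim 22 (vulnerability definition data with per-countermeasure protection levels and applicability, per-asset detection data, countermeasure data and configuration) and computes the per-asset, per-vulnerability risk metric of claims 1 and 22 plus the aggregate scores the abstract mentions. Every combination rule is an assumption: composite = standardized score × detection probability; the countermeasure component treats countermeasures present on the asset as independent, so the probability that at least one mitigates is 1 − Π(1 − p); risk = composite × (1 − countermeasure component); aggregation is a plain sum; the standardized score uses a 0–10 range. Data classes, function names and the sample assets and vulnerabilities are constructed for the example.

```python
"""Worked example of the asset/vulnerability risk metric described in the
claims. Added illustration, not the patent's own code: the claims say the
composite score is "derived from" its inputs and the risk metric "from" the
composite and countermeasure scores without fixing a formula, so the
multiplicative combinations below are assumptions, as is the 0-10 range
for the standardized score."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class VulnerabilityDefinition:
    """Vulnerability definition data (claim 22): standardized score,
    countermeasure -> level of protection afforded (0..1), and the
    configurations the vulnerability applies to."""
    vuln_id: str
    standardized_score: float          # relative severity, assumed 0..10 range
    countermeasures: Dict[str, float]  # countermeasure id -> protection probability
    applies_to: Set[str]               # configuration tags the vulnerability applies to


@dataclass
class Asset:
    """Per-asset detection, countermeasure and configuration data (claim 22)."""
    asset_id: str
    configuration: Set[str]            # configuration tags describing the asset
    vuln_detection: Dict[str, float]   # vuln id -> probability the asset has it
    countermeasures: Set[str]          # countermeasure ids found protecting the asset


def vulnerability_applies(vuln: VulnerabilityDefinition, asset: Asset) -> bool:
    """Applicability check: the asset shares a configuration the vulnerability targets."""
    return bool(vuln.applies_to & asset.configuration)


def composite_score(standardized_score: float, detection_score: float) -> float:
    """Assumption: severity weighted by the probability the asset is exposed."""
    return standardized_score * detection_score


def countermeasure_component(vuln: VulnerabilityDefinition, asset: Asset) -> float:
    """Probability that at least one deployed countermeasure mitigates the
    vulnerability. Only countermeasures listed both in the vulnerability
    definition and detected on the asset count (claim 22); countermeasures
    are assumed independent, so P(any) = 1 - prod(1 - p_i)."""
    residual = 1.0
    for cm_id, protection in vuln.countermeasures.items():
        if cm_id in asset.countermeasures:
            residual *= 1.0 - protection
    return 1.0 - residual


def risk_metric(vuln: VulnerabilityDefinition, asset: Asset) -> float:
    """Risk metric for one asset/vulnerability pair (claims 1 and 22)."""
    if not vulnerability_applies(vuln, asset):
        # Detection data may still report it (scanner noise); inapplicable means no risk.
        return 0.0
    detection = asset.vuln_detection.get(vuln.vuln_id, 0.0)
    composite = composite_score(vuln.standardized_score, detection)
    mitigated = countermeasure_component(vuln, asset)
    # Assumption: risk is the unmitigated share of the composite score.
    return composite * (1.0 - mitigated)


def risk_matrix(vulns: List[VulnerabilityDefinition],
                assets: List[Asset]) -> Dict[str, Dict[str, float]]:
    """Respective risk metric for each asset for each vulnerability."""
    return {a.asset_id: {v.vuln_id: risk_metric(v, a) for v in vulns} for a in assets}


def aggregate_risk(matrix: Dict[str, Dict[str, float]]) -> Dict[str, float]:
    """Per-asset aggregate (abstract); assumption: plain sum of the metrics."""
    return {asset_id: sum(row.values()) for asset_id, row in matrix.items()}


# Constructed sample data, not taken from the page.
VULNS = [
    VulnerabilityDefinition("VULN-A", 9.0, {"CM-IPS": 0.8, "CM-PATCH": 1.0}, {"win10"}),
    VulnerabilityDefinition("VULN-B", 4.0, {"CM-FW": 0.5}, {"win10", "linux"}),
]
ASSETS = [
    Asset("srv-1", {"win10"}, {"VULN-A": 0.9, "VULN-B": 0.5}, {"CM-IPS", "CM-FW"}),
    # srv-2 is Linux, so the scanner's VULN-A hit is inapplicable and scores 0.
    Asset("srv-2", {"linux"}, {"VULN-A": 1.0, "VULN-B": 1.0}, set()),
]

if __name__ == "__main__":
    matrix = risk_matrix(VULNS, ASSETS)
    for asset_id, row in matrix.items():
        print(asset_id, {k: round(v, 2) for k, v in row.items()},
              "aggregate:", round(aggregate_risk(matrix)[asset_id], 2))
```

With the sample data, srv-1 scores 1.62 for VULN-A (composite 8.1, 80% mitigated by the IPS; the missing patch contributes nothing) and 1.0 for VULN-B, while srv-2 scores 0 for the inapplicable VULN-A and the full 4.0 for the unmitigated VULN-B. The detection probability and the per-countermeasure protection level are the two inputs a defender can actually improve, which is what the metric is meant to make visible.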