Method and system to manage risk of vulnerabilities and corresponding change actions to address malware threats

Assignee

• International Business Machines Corporation · US

Inventors

• Sai Zeng · Yorktown Heights, US
• Vugranam C. Sreedhar · Yorktown Heights, US
• Karin Murthy · Bengaluru, IN
• Jinho Hwang · Ossining, US
• Milton H. Hernandez · Tenafly, US
• Lisa M. Chavez · Bernalillo, US
• Muhammed Fatih Bulut · Tonawanda, US
• Virginia Mayo · Jersey City, US
• Xinli WANG · Foshan, CN
• Cindy J. Mullen · Madison, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06N7/01
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A system includes a memory that stores computer executable components and neural network data, and a processor executes computer executable components stored in the memory. An assessment component assesses a computer network, and classifies the computer network relative to M network classifications stored in a repository, wherein M is an integer greater than one. A risk component determines risk of vulnerability subject to change impact regarding protection against a computer virus or cyber-attack based on historical information regarding vulnerability exposure and vulnerability remediation changes relative to the classification of the computer network. A recommendation component that generates recommendations and best action to mitigate risk and impact, and remediate the vulnerabilities based on the risk assessment and business priorities.