Risk assessment and remediation
US10791137B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 14, 2018 |
| Grant date | Sep 29, 2020 |
| Priority date | — |
| Expiry date | Jan 27, 2039 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/166
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A method of assessing and addressing computer security risk is disclosed. The method comprises receiving, by a processor, a request for an engagement to identify vulnerabilities of a networked computer system; computing, by the processor, a pre-engagement risk score for the networked computer system corresponding to a plurality of vulnerability areas; causing, by the processor, performance of a penetration test as part of the engagement by a plurality of researcher computers to identify vulnerabilities of the networked computer system in at least one of the plurality of vulnerability areas; determining a researcher computer cost describing a cost incurred by the plurality of researcher computers during the engagement; determining a vulnerability factor associated with a group of vulnerabilities identified by the plurality of researcher computers during the engagement; calculating a post-engagement risk score for the networked computer system based on the researcher computer cost and the vulnerability factor; and transmitting the post-engagement risk score to the client device to improve security of networked computer system.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.