Aggregation of risk scores across ad-hoc entity populations
US10887335B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 20, 2018 |
| Grant date | Jan 5, 2021 |
| Priority date | — |
| Expiry date | Feb 27, 2039 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F8/61
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
The systems and methods described herein, given a population of entities each with associated information technology (IT) security risk scores, computes an aggregate risk score which quantifies the overall risk of the population. The method works for any arbitrary population of any size, and of any combination of different entity types and results in normalized risk scores for the arbitrary population (i.e. in the [0,1] range, regardless of population size or makeup). Since the risk scores are normalized, it affords comparison across different arbitrary entity populations having different combinations of entity types (e.g. users, servers, and printers). The aggregation technique allows for sensitivity to small numbers of high risk entities, which is a highly desirable characteristic for risk-based applications, and allows for sensitivity to different entity types or other relevant factors such as higher risk users, different threat types.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.