Combining policy compliance and vulnerability management for risk assessment

Assignee

• International Business Machines Corporation · US

Inventors

• Muhammed Faith Bulut · West Greenwich, US
• Abdulhamid Adebowale Adebayo · White Plains, US
• Lilian Mathias Ngweta · Troy, US
• Ting Dai · 安丰镇, CN
• Constantin Mircea Adam · Norwalk, US
• Daby Mousse Sow · White Plains, US
• Steven Ocepek · Pacifica, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.