Method and system of assessing risk using a one-dimensional risk assessment model
US7552480B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Apr 23, 2003 |
| Grant date | Jun 23, 2009 |
| Priority date | — |
| Expiry date | Mar 9, 2026 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/577
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A quantitative model combines a one-dimensional risk-assessment approach with expert knowledge to enable calculation of a probability or likelihood of exploitation of a threat to an information system asset without referring to actuarial information. A numerical value is established for one or more threats of attack on the information system asset based on expert knowledge without reference to actuarial data, and likewise, based on expert knowledge without reference to actuarial data, a numerical value is established for each of one or more access and privilege components of one or more vulnerabilities to attack on the information system asset. A security risk level for the information system asset is computed based upon the numerical values for threat and the access and privilege components for vulnerability so established.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.