Estimating and visualizing security risk in information technology systems
US8402546B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 19, 2008 |
| Grant date | Mar 19, 2013 |
| Priority date | — |
| Expiry date | Nov 26, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/577
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Security risk for a single IT asset and/or a set of IT assets in a network such as an enterprise or corporate network may be estimated and represented in a visual form by categorizing risk into different discrete levels. The IT assets may include both computing devices and users. The risk categorization uses a security assessment of an IT asset that is generated to indicate the type of security problem encountered, the severity of the problem, and the fidelity of the assessment. The asset value of an IT asset to the enterprise is also assigned. Security risk is then categorized (and a numeric risk value provided) for each IT asset for different problem types by considering the IT asset value along with the severity and fidelity of the security assessment. The security risk for the enterprise is estimated using the numeric risk value and then displayed in visual form.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.