Information system service-level security risk analysis
US8438643B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 2, 2006 |
| Grant date | May 7, 2013 |
| Priority date | — |
| Expiry date | Oct 25, 2029 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/577
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Information system service-level security risk analysis systems, methods, and Graphical User Interfaces are disclosed. Assets of an information system that have relationships with a service provided by the information system are identified, and at least one security risk to the service is determined by analyzing security vulnerabilities associated with the identified assets. A consolidated representation of the service is provided, and includes an indication of the determined security risk(s) and an indication of a relationship between the service and at least one of the identified assets. The security risk indication may include indications of multiple security parameters. Security risks may be represented differently depending on whether they arise from a security vulnerability of an asset that has a relationship with the service or a security vulnerability of an asset that has a relationship with the service only through a relationship with an asset that has a relationship with the service.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.