System and method for automatic calculation of cyber-risk in business-critical applications

Assignee

• Onapsis Inc. · US

Inventors

• Emiliano José Fausto · Olavarría, AR
• Ezequiel David Gutesman · Olavarría, AR
• Javier Burroni · Olavarría, AR
• Pablo Müller · Olavarría, AR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/102
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system for calculating cyber-risk in a software application includes a cyber-risk calculator. The cyber-risk calculator receives a security assessment result sample having a list of security modules, each security module listing including a respective result of a security assessment of the application identifying a vulnerability and/or misconfiguration capable of being exploited and/or abused. When run in a risk calculation mode, the cyber-risk calculator determines a world partition of the application in the security assessment result sample belongs to, references a set of parameters from a parametrization database according to the world partition corresponding to the application, determines a cyber-risk exposure level for the application based upon the security assessment result sample and the set of parameters, and reports results of the cyber-risk calculation.