Apparatus for assessing threat to at least one computer network in which a plurality of systems (301, 302, 303, 304, 305, . . . 30n) operate is configured to determine predicted threat activity (13), to determine expected downtime of each system in dependence upon said predicted threat activity, to determine loss (12A, 12B, 12C, 12D, 12E, . . . , 12m) for each of a plurality of operational processes (31A, 31B, 31C, 31D, 31E, . . . 31m) dependent on the downtimes of the systems, and to add losses for the plurality of processes so as to obtain a combined loss (12SUM) arising from the threat activity.

1. Network-specific cyber threat data is acquired by sensors and this is utilised in modelling in conjunction with data relating to the number of viruses in the wild.

2. The proprietary network topology, business processes and various categories are input by a user to create a map of the relationships and interdependencies between business processes and IT systems supporting said operations.

3. Physical threats are added to the model inputs. These can range from natural disasters such as flooding of a data centre, to insider threats or a proxy for any other physical threat.

4. The models calculate a financial risk exposure factor based upon the data using two primary models. The first is weighted linear extrapolation and is used in order to remove any form of "black box" calculation that would not be acceptable for audit and regulatory compliance inspections, i.e. the values are calculated in a well-accepted and comprehensible manner. The second model utilises Monte Carlo simulations in order to account for tail risks in the data, i.e. low-probability, high-impact scenarios.

5. The output is displayed to a user. Reports can also be generated. These provide an individual risk per process, an aggregated value, or a value over a time period (see the screenshots below for an example implementation of the system and models).

6. Changes to parameters by a user result in amended exposure values and can be used to allocate capital correctly to the most effective manner of exposure reduction. A per-process exposure also enables correct prioritization of which process to protect first.

7. A key component of the system and method is the predictive nature of the models and methods. In each case, the objective is to provide predictive future threat values so that the current and future exposure can be assessed. This offers the potential to mitigate risk through changes or risk transfer through insurance or other financial instruments.
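The chain described above (predicted threat activity, then downtime per system, then loss per process, then a combined loss) can be sketched as follows; this is an added example, not code from the patent or the associated software. The system and process names, all figures, the loss rule and the Poisson incident model are assumptions, and the point estimate is a plain expected-value calculation standing in for the weighted linear extrapolation, whose formula the page does not give.

```python
import math
import random

# Constructed inputs: every name and number below is an assumption, not from the page.
# Per system: predicted incidents per month and hours of downtime per incident.
SYSTEMS = {
    "mail": {"rate": 2.0, "hours": 1.5},
    "db":   {"rate": 0.5, "hours": 8.0},
    "web":  {"rate": 1.0, "hours": 2.0},
}
# Per operational process: supporting systems and loss per hour of downtime.
PROCESSES = {
    "billing": {"systems": ["db", "mail"], "loss_per_hour": 1000.0},
    "sales":   {"systems": ["web", "db"],  "loss_per_hour": 2500.0},
}

def process_losses(downtime):
    """Assumed loss rule: hourly loss x total downtime of the systems a process needs."""
    return {name: p["loss_per_hour"] * sum(downtime[s] for s in p["systems"])
            for name, p in PROCESSES.items()}

def expected_losses():
    """Auditable point estimate: expected downtime = incident rate x hours per incident."""
    downtime = {s: v["rate"] * v["hours"] for s, v in SYSTEMS.items()}
    losses = process_losses(downtime)
    return losses, sum(losses.values())  # per-process losses and the combined loss

def poisson(rng, lam):
    """Draw a Poisson-distributed incident count (Knuth's multiplication method)."""
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k, p = k + 1, p * rng.random()
    return k

def simulate(trials=20000, seed=1):
    """Monte Carlo over incident counts; returns (mean, 95th percentile) combined loss."""
    rng = random.Random(seed)
    totals = []
    for _ in range(trials):
        downtime = {s: poisson(rng, v["rate"]) * v["hours"] for s, v in SYSTEMS.items()}
        totals.append(sum(process_losses(downtime).values()))
    totals.sort()
    return sum(totals) / trials, totals[int(0.95 * trials)]

if __name__ == "__main__":
    print(expected_losses())
    print(simulate())
```

With these inputs the 95th-percentile combined loss is more than double the point estimate, because two database outages in one month are rare but dominate the total; that gap is the tail risk a point estimate alone does not show.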

The offer is for the entire patent portfolio, including continuations, with an option to acquire the software source code and US certified source code copyright.