Patent Auction lists patented inventions available for sale or licensing. Inventors can list their patented inventions (or patent pending) for sale. New inventions for sale are added on a daily basis !
Home    List your patent    My account     Help     Support us    

Assessing and Managing Cyber Threats

[Viewed 95 times]

Methods, systems and apparatus, including computer programs encoded on a computer storage medium, for assessing and managing cyber threats. In some implementations, data specifying relationships between I.T. system infrastructures, system categories, operational processes, computer-based threats and mitigation actions is received. A plurality of simulations are performed using a Monte Carlo method, with each simulation involving propagating data through stochastic modeling for a given time window having a beginning and end. Outcomes of the plurality of simulations that include mitigating actions representing the threat mitigation measures of the organization, for a given time window, determine a measure of impact of cyber threats to the organization. The determined measure is provided for output to a user.

Financial information


1. Network-specific cyber threat data is acquired by sensors and this is utilised in modelling in conjunction with data relating to the number of viruses in the wild.

2. The proprietary network topology, business processes and various categories are input by a user to create a map of the relationships and interdependencies between business processes and IT systems supporting said operations.

3. Physical threats are added to the model inputs. These can range from natural disasters such as flooding of a data centre, to insider threats or a proxy for any other physical threat.

4. The models calculate a financial risk exposure factor based upon the data using two primary models. The first is weighted linear extrapolation and is used in order to remove any form of "black box" calculation that would not be acceptable for audit and regulatory compliance inspections i.e. the values are calculated in a well-accepted and comprehensible manner. The second model utilises Monte Carlo simulations in order to account for tails risks in the data i.e. low probability, high impact scenarios.

5. The output is displayed to a user. Reports can also be generated. These provide an individual risk per process, and aggregated value or over a time period - see screenshots below for example implementation of the system and models.

6. Changes to parameters by a user result in amended exposure values and can be used to correctly allocated capital to the most effective manner of exposure reduction. A per-process exposure also enables correct prioritization of which process to protect first.

7. A key component of the system and method is the predictive nature of the models and methods. In each case, the objective is to provide future predictive threat values to provide the ability to assess the current and future exposure. This offers the potential to mitigate risk through changes or risk transfer through insurance or other financial instruments.

The offer is for the entire patent portfolio, including continuations, with an option to acquire the software source code and US certified source code copyright.