Patent Auction lists patented inventions available for sale or licensing. Inventors can list their patented inventions (or patent pending) for sale. New inventions for sale are added on a daily basis !
Home    List your patent    My account     Help     Support us    

VALUING CYBER RISKS FOR INSURANCE PRICING & UNDERWRITING

[Category : - SOFTWARES- BUSINESS METHODS]
[Viewed 85 times]

A threat analyser and threat assessment system are used to automatically detect occurrence of one or more of the events that are indicative of an electronic threat, automatically determine the breach parameters that apply for the one or more events that occurred, and generates a remediation of network security device security parameters for the network or networks based upon predicted losses arising from observed electronic threats.


Financial information

SUMMARY OF PATENT IMPLEMENTATION AND USE

1. Network-specific cyber threat data is acquired by sensors and this is utilised in modelling in conjunction with data relating to the number of viruses in the wild.

2. The proprietary network topology, business processes and various categories are input by a user to create a map of the relationships and interdependencies between business processes and IT systems supporting said operations.

3. Physical threats are added to the model inputs. These can range from natural disasters such as flooding of a data centre, to insider threats or a proxy for any other physical threat.

4. The models calculate a financial risk exposure factor based upon the data using two primary models. The first is weighted linear extrapolation and is used in order to remove any form of "black box" calculation that would not be acceptable for audit and regulatory compliance inspections i.e. the values are calculated in a well-accepted and comprehensible manner. The second model utilises Monte Carlo simulations in order to account for tails risks in the data i.e. low probability, high impact scenarios.

5. The output is displayed to a user. Reports can also be generated. These provide an individual risk per process, and aggregated value or over a time period - see screenshots below for example implementation of the system and models.

6. Changes to parameters by a user result in amended exposure values and can be used to correctly allocated capital to the most effective manner of exposure reduction. A per-process exposure also enables correct prioritization of which process to protect first.

7. A key component of the system and method is the predictive nature of the models and methods. In each case, the objective is to provide future predictive threat values to provide the ability to assess the current and future exposure. This offers the potential to mitigate risk through changes or risk transfer through insurance or other financial instruments.

The offer is for the entire patent portfolio, including continuations, with an option to acquire the software source code and US certified source code copyright.