SYSTEMS AND METHODS FOR IDENTIFYING, CATEGORIZING, QUANTIFYING AND EVALUATING RISKS

SYSTEMS AND METHODS FOR IDENTIFYING, CATEGORIZING, QUANTIFYING AND EVALUATING RISKS

Systems and methods for identifying, categorizing, quantifying and evaluating risks are presented. In exemplary embodiments of the present invention an asset can be analyzed into its various levels of sub-assets in a top-down manner. In turn, lowest level sub-assets can be analyzed into components a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: DE FRANCESCO, RICHARD, E, GARDNER, ROBERT, K, FRANKEL, PAUL, J
Format: Patent
Sprache:eng ; fre
Schlagworte:
CALCULATING
COMPUTING
COUNTING
DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FORADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORYOR FORECASTING PURPOSES
PHYSICS
SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE,COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTINGPURPOSES, NOT OTHERWISE PROVIDED FOR
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Systems and methods for identifying, categorizing, quantifying and evaluating risks are presented. In exemplary embodiments of the present invention an asset can be analyzed into its various levels of sub-assets in a top-down manner. In turn, lowest level sub-assets can be analyzed into components and elements of such components. In exemplary embodiments of the present invention, comprehensive and orthogonal threat probability and vulnerability data can be input for each of the elements of each component of each lowest level sub-asset. In exemplary embodiments of the present invention such data can be input in the form of a threat probability matrix and a vulnerability matrix. The input data can then be processed to generate an output set for each such sub-asset comprising a combined threat/vulnerability matrix, an index of overall risk vulnerability, or "Figure of Merit" (FOM) and associated retained risk. For each component and level of sub-assets such an output set can then be processed into combined output sets for the higher-level assets of which they are a part, proceeding back up the asset analysis tree. This can provide an accurate risk calculus for the top-level asset and each level of sub-asset identified in the top-down analysis. In exemplary embodiments of the present invention, such outputs can be displayed in various display modes, and an optional iterative risk remediation process can also be performed. In alternative "inverse" exemplary embodiments of the present invention a risk calculus can be used to augment, maximize or exploit an adversary's vulnerabilities. L'invention concerne des systèmes et procédés pour identifier, catégoriser, quantifier et évaluer des risques. Dans des modes de réalisation exemplaires de la présente invention, un actif peut être analysé en différents niveaux de sous-actifs d'une manière descendante. Ensuite, les sous-actifs des niveaux les plus bas peuvent être analysés en composants et éléments de ces composants. Dans des modes de réalisation exemplaires de la présente invention, des données de probabilité et de vulnérabilité de menaces orthogonales et complètes peuvent être entrées pour chacun des éléments de chaque composant de chaque sous-actif de niveau le plus bas. Dans des modes de réalisation exemplaires de la présente invention, ces données peuvent être entrées sous la forme d'une matrice de probabilité et d'une matrice de vulnérabilité de menaces. Les données d'entrée peuvent être alors traitées pour g