System and Method for Calculating a Risk to an Entity
    1.
    发明申请
    System and Method for Calculating a Risk to an Entity 有权
    计算实体风险的系统和方法

    公开(公告)号:US20130197963A1

    公开(公告)日:2013-08-01

    申请号:US13363825

    申请日:2012-02-01

    IPC分类号: G06Q10/00

    CPC分类号: G06Q10/0635

    摘要: According to one embodiment, a system includes a memory, a processor, and an interface. For a first region, the processor calculates a risk associated with a political situation of the first region, a risk associated with a legal situation of the first region, a risk associated with an economic situation of the first region, a risk associated with a social situation of the first region, a risk associated with a technological situation of the first region, and a risk associated with an environmental situation of the first region. For a first entity, the processor calculates a risk associated with an exposure level of the first entity in the first region. Based at least on these calculated risks, the processor calculates a ranking for the first region, the ranking representing an amount of risk to the first entity in the first region. The interface communicates the ranking for display.

    摘要翻译: 根据一个实施例,系统包括存储器,处理器和接口。 对于第一区域,处理器计算与第一区域的政治状况相关联的风险,与第一区域的法律状况相关联的风险,与第一区域的经济状况相关联的风险,与社会 第一个地区的情况,与第一个地区的技术状况相关的风险,以及与第一个地区的环境状况有关的风险。 对于第一实体,处理器计算与第一区域中的第一实体的曝光水平相关联的风险。 至少基于这些计算的风险,处理器计算第一区域的排名,排名表示第一区域中第一实体的风险量。 界面传达排名以进行显示。

    System and method for calculating a risk to an entity
    2.
    发明授权
    System and method for calculating a risk to an entity 有权
    计算实体风险的系统和方法

    公开(公告)号:US08751285B2

    公开(公告)日:2014-06-10

    申请号:US13363825

    申请日:2012-02-01

    IPC分类号: G06Q10/00 G06Q40/00

    CPC分类号: G06Q10/0635

    摘要: According to one embodiment, a system includes a memory, a processor, and an interface. For a first region, the processor calculates a risk associated with a political situation of the first region, a risk associated with a legal situation of the first region, a risk associated with an economic situation of the first region, a risk associated with a social situation of the first region, a risk associated with a technological situation of the first region, and a risk associated with an environmental situation of the first region. For a first entity, the processor calculates a risk associated with an exposure level of the first entity in the first region. Based at least on these calculated risks, the processor calculates a ranking for the first region, the ranking representing an amount of risk to the first entity in the first region. The interface communicates the ranking for display.

    摘要翻译: 根据一个实施例,系统包括存储器,处理器和接口。 对于第一区域,处理器计算与第一区域的政治状况相关联的风险,与第一区域的法律状况相关联的风险,与第一区域的经济状况相关联的风险,与社会 第一个地区的情况,与第一个地区的技术状况相关的风险,以及与第一个地区的环境状况有关的风险。 对于第一实体,处理器计算与第一区域中的第一实体的曝光水平相关联的风险。 至少基于这些计算的风险,处理器计算第一区域的排名,排名表示第一区域中第一实体的风险量。 界面传达排名以进行显示。

    Risk Assessment And Prioritization Framework
    3.
    发明申请
    Risk Assessment And Prioritization Framework 审中-公开
    风险评估和优先化框架

    公开(公告)号:US20120215575A1

    公开(公告)日:2012-08-23

    申请号:US13031702

    申请日:2011-02-22

    IPC分类号: G06Q10/00 G06Q90/00

    CPC分类号: G06Q10/0635

    摘要: A system and method of identifying, assessing and prioritizing risks are provided. The system and method may include a risk identification module that may identify one or more risks to a business, organization, entity, group or department within the entity, etc. One or more risk variables associated with each identified risk may then be identified. In some examples, the risk variables may be the same or substantially similar for all identified risks. A risk score for each identified risk variable may be determined and an overall risk score for each identified risk may then be determined based on the determined variable risk scores. In some examples, the overall score may be normalized on a predetermined scale. Once an overall score for each risk is determined, the risks having the highest priority may be identified.

    摘要翻译: 提供了识别,评估和优先排序风险的系统和方法。 系统和方法可以包括风险识别模块,其可以识别实体内的业务,组织,实体,组或部门的一个或多个风险等。然后可以识别与每个识别的风险相关联的一个或多个风险变量。 在一些例子中,所有风险的风险变量可能相同或基本相似。 可以确定每个确定的风险变量的风险分数,然后可以基于确定的可变风险评分来确定每个确定的风险的总体风险评分。 在一些示例中,整体得分可以以预定比例进行归一化。 一旦确定了每个风险的总分,就可以确定具有最高优先级的风险。

    Technology Risk Assessment, Forecasting, and Prioritization
    4.
    发明申请
    Technology Risk Assessment, Forecasting, and Prioritization 审中-公开
    技术风险评估,预测和优先排序

    公开(公告)号:US20120203590A1

    公开(公告)日:2012-08-09

    申请号:US13020884

    申请日:2011-02-04

    IPC分类号: G06Q10/00

    CPC分类号: G06Q10/04 G06Q10/0635

    摘要: A computer system assesses the overall risk for different technologies for an organization. Technologies may be evaluated by obtaining severity levels and environmental risk scores for the vulnerabilities associated with the technologies. Each severity level measures a possible risk level of a corresponding vulnerability, while each environmental risk score is based on the organization's environment. Technology risk scores are then determined from the severity levels and the environmental risk scores. Each technology may then be categorized from a statistical distribution of the technology risk scores. An indexed risk score for each technology may also be determined based on time trending variables. Inputs may be a number of vulnerabilities, blended advisory/severity scores, and a standard deviation of the blended advisory/severity scores, and the results then provide behavior forecasting of the technologies. Further evaluation of the technologies may be performed to determine a risk versus reward model for the different technologies.

    摘要翻译: 计算机系统评估组织的不同技术的总体风险。 可以通过获取与技术相关的漏洞的严重性级别和环境风险评分来评估技术。 每个严重性级别衡量相应漏洞的可能风险级别,而每个环境风险评分均基于组织的环境。 然后从严重程度和环境风险评分中确定技术风险评分。 然后可以从技术风险分数的统计分布中分类每种技术。 每个技术的索引风险分数也可以基于时间趋势变量来确定。 输入可能是一些漏洞,混合咨询/严重性评分以及混合咨询/严重程度评分的标准偏差,然后结果提供了技术的行为预测。 可以进行技术的进一步评估,以确定不同技术的风险与回报模型。