Title of invention: SYSTEM AND METHOD FOR AUTOMATIC CALCULATION OF CYBER-RISK IN BUSINESS-CRITICAL APPLICATIONS
Abstract: A system for calculating cyber-risk in a software application includes a cyber-risk calculator. The cyber-risk calculator receives a security assessment result sample having a list of security modules, each security module listing including a respective result of a security assessment of the application identifying a vulnerability and/or misconfiguration capable of being exploited and/or abused. When run in a risk calculation mode, the cyber-risk calculator determines a world partition that the application in the security assessment result sample belongs to, references a set of parameters from a parametrization database according to the world partition corresponding to the application, determines a cyber-risk exposure level for the application based upon the security assessment result sample and the set of parameters, and reports results of the cyber-risk calculation.
Publication number: US2016119373(A1) Publication date: 2016.04.28
Application number: US201514924240 Filing date: 2015.10.27
Applicant: Onapsis, Inc. Inventors: Fausto Emiliano José; Gutesman Ezequiel David; Burroni Javier; Müller Pablo
Classification: H04L29/06; G06F17/30 Main classification: H04L29/06
Agency: Agent:
Independent claim: 1. A system for calculating cyber-risk in a software application, comprising: a cyber-risk calculator comprising a processor configured to execute non-transitory instructions stored in a memory, which when executed perform the steps of: receiving a security assessment result sample comprising a list of security modules, each security module listing including a respective result of a security assessment of the application identifying a vulnerability and/or misconfiguration capable of being exploited and/or abused; and running the cyber-risk calculator in a risk calculation mode further comprising the steps of: referencing a set of parameters from a parametrization database according to a world partition corresponding to the application; determining a cyber-risk exposure level for the application based upon the security assessment result sample and the set of parameters; and reporting results of the cyber-risk calculation.
Address: Boston MA US