Title of invention |
SYSTEM AND METHOD FOR AUTOMATIC CALCULATION OF CYBER-RISK IN BUSINESS-CRITICAL APPLICATIONS |
Abstract |
A system for calculating cyber-risk in a software application includes a cyber-risk calculator. The cyber-risk calculator receives a security assessment result sample having a list of security modules, each security module listing including a respective result of a security assessment of the application identifying a vulnerability and/or misconfiguration capable of being exploited and/or abused. When run in a risk calculation mode, the cyber-risk calculator determines a world partition that the application in the security assessment result sample belongs to, references a set of parameters from a parametrization database according to the world partition corresponding to the application, determines a cyber-risk exposure level for the application based upon the security assessment result sample and the set of parameters, and reports results of the cyber-risk calculation. |
Application publication number |
US2016119373(A1) |
Application publication date |
2016.04.28 |
Application number |
US201514924240 |
Filing date |
2015.10.27 |
Applicant |
Onapsis, Inc. |
Inventors |
Fausto Emiliano José;Gutesman Ezequiel David;Burroni Javier;Müller Pablo |
Classification numbers |
H04L29/06;G06F17/30 |
Main classification number |
H04L29/06 |
Agency |
|
Agent |
|
Independent claim |
1. A system for calculating cyber-risk in a software application, comprising:
a cyber-risk calculator comprising a processor configured to execute non-transitory instructions stored in a memory, which when executed perform the steps of:
receiving a security assessment result sample comprising a list of security modules, each security module listing including a respective result of a security assessment of the application identifying a vulnerability and/or misconfiguration capable of being exploited and/or abused; and
running the cyber-risk calculator in a risk calculation mode further comprising the steps of:
referencing a set of parameters from a parametrization database according to a world partition corresponding to the application;
determining a cyber-risk exposure level for the application based upon the security assessment result sample and the set of parameters; and
reporting results of the cyber-risk calculation. |
Address |
Boston MA US |