| 发明名称 | Systems, methods and computer readable media for calculating a security index of an application hosted in a cloud environment | ||
| 摘要 | The present invention provides a method and system for calculating a security index of an application hosted in a cloud environment. The application is mapped to a cloud service provider of the cloud environment, and a set of security controls and a set of security metrics applicable for the application are identified. The set of security controls and the set of security metrics are encapsulated into a security profile object by a security control module. A set of values of the set of security metrics are retrieved from the cloud service provider, by a cloud probe module, and the security index of the application is calculated. | ||
| 申请公布号 | US9032532(B2) | 申请公布日期 | 2015.05.12 |
| 申请号 | US201313891222 | 申请日期 | 2013.05.10 |
| 申请人 | Infosys Limited | 发明人 | Chauhan Nitin Singh;Saxena Ashutosh |
| 分类号 | H04L29/06;G06F21/57 | 主分类号 | H04L29/06 |
| 代理机构 | LeClairRyan, a Professional Corporation | 代理人 | LeClairRyan, a Professional Corporation |
| 主权项 | 1. A security analysis system, comprising a processor and a memory coupled to the processor which is configured to be capable of executing programmed instructions comprising and stored in the memory to: receive an identifier of an application hosted in a cloud environment, a list of cloud service providers in the cloud environment, and a set of security controls; identify a set of security metrics and assign at least a subset of the security metrics to each of the security controls, wherein each of the security controls is defined for the application based on a type of the application and corresponds with an enterprise level security policy of an organization providing the application; retrieve a set of values for each of the security metrics from one or more systems of at least one of the cloud service providers in the cloud environment; generate a security control index for each of the security controls based on the retrieved values for the assigned at least a subset of security metrics, wherein the security control index for each of the security controls is determined as∑j=1kMj*WMj∑j=1kWMj, where j varies from 1 to k, k is a number of the security metrics in the assigned at least a subset of security metrics, Mj is the value for the jth security metric in the assigned at least a subset of security metrics, and W is a weight value; and generate and output an application security index for the application based on an average of a weighted sum of the security control indices. | ||
| 地址 | Bangalore IN | ||