System and method for organizational risk analysis and reporting by mapping detected risk patterns onto a risk ontology

摘要

A method for characterizing risk using an adaptive risk analysis engine. Following a user request for a risk analysis, online and/or offline factual information is retrieved by the engine and is used to produce risk indicators. The risk indicators are mapped onto risk ontology to produce risk factors which are then used to assess the level of risk. Parameters for the likelihood, impact, and external threat of the risk are calculated, and a risk assessment report is produced for the user.

主权项

1. A computer-implemented method for analyzing risk at an individual or at an organizational level using an adaptive risk analysis engine, the method comprising:
receiving a request for a risk analysis; retrieving factual information about both human and machine behavior from at least one online source and at least one offline source, said sources comprising at least one database source and at least one unstructured source; detecting, using a processor running the adaptive risk analysis engine, a pattern in said retrieved factual information; producing via induction a risk indicator from said detected pattern; determining, using the adaptive risk analysis engine, a risk indicator pattern from the produced risk indicator, wherein the adaptive risk analysis engine uses a risk policy defining threats faced by an organization to determine a risk to be asserted and at least one factor that mitigates or exacerbates the asserted risk; mapping, using the adaptive risk analysis engine, said risk indicator pattern and produce a risk factor, wherein the adaptive risk analysis engine dynamically consults a risk ontology; assessing a level of risk based on the risk factor; constructing impact, internal threat, and external threat parameters; and determining, based upon said threat parameters, whether reporting conditions have been met and when met producing a risk assessment report.