Abstract |
A method of automating security risk assessment and management and corrective feedback with a cost-optimized allocation plan is disclosed. The method, operable in a computer system, includes presenting an on-line survey questionnaire and receiving, in response to the on-line survey questionnaire, a user-provided answer. The method further includes extracting data from the computer system and calculating, in response to the user-provided answer and the extracted data, a security risk. The method also includes producing, in response to the security risk, the cost-optimized allocation plan. The data and the user-provided answer are recorded in a data repository. The cost-optimized allocation plan is produced using a game-theoretical approach. The cost-optimized allocation plan includes changes to break even a cost differential of an expected cost of loss (ECL), and further assigns realistic market-oriented mitigation costs to each line of action for the user's computer or system.
|