Systems and methods for cyber security risk assessment
Abstract
The present invention is directed to methods, systems, and non-transitory computer readable mediums which can evaluate cyber readiness of an organization. The methods can include: presenting a plurality of objective questions to a user; receiving answers to said plurality of objective questions from said user; determining based on said answers a risk rating for a threat origin of a cyber-attack; determining based on said answers a strength rating for an organizational safeguard against said threat origin; comparing said risk rating of said threat origin to said strength rating of said organizational safeguard; determining based on said comparison a cyber readiness of said organizational safeguard from said cyber-attack by said threat origin; and presenting the cyber readiness of said organizational safeguard. Systems and non-transitory computer readable mediums operating in a similar fashion as such systems are disclosed herein.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A method for evaluating cyber readiness of an organization, the method comprising:
presenting, by a computer, a plurality of objective questions to a user, wherein each of the objective questions has one or more predefined answers to be selected by said user; receiving, by said computer, answers to said plurality of objective questions from said user; determining based on said answers, by said computer, a risk rating for a threat origin of a cyber-attack; determining based on said answers, by said computer, a strength rating for an organizational safeguard against said threat origin; comparing, by said computer, said risk rating of said threat origin to said strength rating of said organizational safeguard; determining based on said comparison, by said computer, a cyber readiness rating of said organizational safeguard from said cyber-attack by said threat origin; and presenting, by said computer, the cyber readiness rating of said organizational safeguard.
2 . The method of claim 1 , wherein presenting the cyber readiness rating of said organization comprises:
presenting, by said computer, said threat origin and said risk rating of said threat origin; and presenting, by said computer, said organizational safeguard and said strength rating of said organization safeguard.
3 . The method of claim 2 , additionally comprising:
identifying, by said computer, a relationship between said risk rating of said threat origin and said strength rating of said organizational safeguard.
4 . The method of claim 3 , wherein said cyber readiness rating of said organizational safeguard from said cyber-attack by said threat origin comprises one of a plurality of levels, the levels being severe gap, possible concern, and okay.
5 . The method of claim 1 , wherein said risk rating of said threat origin is determined independent from said strength rating of said organizational safeguard.
6 . The method of claim 1 , wherein determining said risk rating of said threat origin comprises:
determining based on said answers, by said computer, a plurality of threat vectors, wherein the threat vectors correspond to the threat origin; and determining based on said answers, by said computer, a risk rating for each of said threat vectors.
7 . The method of claim 6 , wherein determining said risk rating of said threat origin further comprises:
determining based on said risk rating for each of said threat vectors, by said computer, a cumulative risk rating of said threat origin.
8 . The method of claim 1 , additionally comprising:
correlating, by said computer, one or more of said objective questions to a plurality of elements of said organizational safeguard, wherein said elements collectively determine said strength rating of said organizational safeguard.
9 . The method of claim 8 , wherein determining of said strength rating of said organizational safeguard comprises:
determining, by said computer, a strength rating for a first element of said organizational safeguard based on at least one of said answers; and determining, by said computer, a strength rating for a second element of said organizational safeguard based on at least one of said answers.
10 . The method of claim 9 , wherein determining of said strength rating of said first element comprises:
determining, by said computer, a strength rating for a third element of said organizational safeguard based on said strength rating of said first element and said strength rating of said second element.
11 . The method of claim 10 , wherein determining said strength rating of said organizational safeguard additionally comprises:
determining, by said computer, a strength rating for a fourth element of said organizational safeguard based on at least one of said answers; and determining, by said computer, a strength rating for a fifth element of said organizational safeguard based on said strength rating of said third element and said strength rating of said fourth element.
12 . The method of claim 11 , wherein said strength rating for said first element, said strength rating for said second element, said strength rating for said third element, said strength rating for said fourth element, and said strength rating for said fifth element are each determined using a look-up table.
13 . The method of claim 12 , wherein the look-up table provides an outcome for each possible combination of answers to said objective question.
14 . The method of claim 1 , additionally comprising:
determining based on said objective questions, by said computer, an inherent risk profile, wherein the inherent risk profile comprises a plurality of threat origins and a risk rating for each of the threat origins.
15 . The method of claim 1 , additionally comprising:
determining based on said objective questions, by said computer, a preparedness profile, wherein said preparedness profile comprises a plurality of organizational safeguards and a strength rating for each of said organizational safeguards.
16 . A system for evaluating cyber readiness of an organization, the system comprising:
a memory storage device; and a processor in communication with said memory storage device and configured to:
present a plurality of objective questions to a user, wherein each of the objective questions has one or more predefined answers to be selected by said user;
receive answers to said plurality of objective questions from said user;
determine based on said answers a risk rating for a threat origin of a cyber-attack;
determine based on said answers a strength rating for an organizational safeguard against said threat origin;
compare said risk rating of said threat origin to said strength rating of said organizational safeguard;
determine based on said comparison the cyber readiness rating of said organizational safeguard from said cyber-attack by said threat origin; and
present the cyber readiness rating of said organizational safeguard.
17 . The system of claim 16 , wherein presenting the cyber readiness rating of said organization comprises:
presenting said threat origin and said risk rating of said threat origin; and presenting said organizational safeguard and said strength rating of said organization safeguard.
18 . The system of claim 17 , additionally comprising:
identifying a relationship between said risk rating of said threat origin and said strength rating of said organizational safeguard.
19 . The system of claim 18 , wherein said cyber readiness rating of said organizational safeguard from said cyber-attack by said threat origin comprises one of a plurality of levels, the levels being severe gap, possible concern, and okay.
20 . The system of claim 16 , wherein determining said risk rating of said threat origin comprises:
determining based on said answers a plurality of threat vectors, wherein the threat vectors correspond to the threat origin; and determining based on said answers a risk rating for each of said threat vectors.
21 . The system of claim 20 , wherein determining said risk rating of said threat origin to cyber-attack further comprises:
determining based on said risk rating for each of said threat vectors a cumulative risk rating for said threat origin.
22 . The system of claim 16 , wherein the processor is additionally configured to:
correlate one or more of said objective questions to a plurality of elements of said organizational safeguard, wherein said elements collectively determine said strength rating of said organizational safeguard.
23 . The system of claim 22 , wherein determining of said strength rating of said organizational safeguard comprises:
determining a strength rating for a first element of said organizational safeguard based on at least one of said answers; and determining a strength rating for a second element of said organizational safeguard based on at least one of said answers.
24 . The system of claim 23 , wherein determining of said strength rating of said first element comprises:
determining a strength rating for a third element of said organizational safeguard based on said strength rating of said first element and said strength rating of said second element.
25 . The system of claim 24 , wherein determining of said strength rating of said organizational safeguard additionally comprises:
determining a strength rating for a fourth element of said organizational safeguard based on at least one of said answers; and determining a strength rating for a fifth element of said organizational safeguard based on said strength rating of said third element and said strength rating of said fourth element.
26 . The system of claim 25 , said strength rating for said first element, said strength rating for said second element, said strength rating for said third element, said strength rating for said fourth element, and said strength rating for said fifth element are each determined using a look-up table.
27 . The system of claim 26 , wherein the look-up table provides an outcome for each possible combination of answers to said objective questions.
28 . The system of claim 16 , wherein the processor is additionally configured to:
determine based on said objective questions an inherent risk profile, wherein the inherent risk profile comprises a plurality of threat origins and a risk rating for each of the threat origins.
29 . The system of claim 16 , wherein the processor is additionally configured to:
determine based on said objective questions a preparedness profile, wherein said preparedness profile comprises a plurality of organizational safeguards and a strength rating for each of said organizational safeguards.
30 . A non-transitory computer-readable medium tangibly storing computer program instructions which when executed by a processor, causes the processor to:
present a plurality of objective questions to a user, wherein each of the objective questions has one or more pre-defined answers to be selected by said user; receive answers to said plurality of objective questions from said user; determine based on said answers a risk rating for a threat origin of a cyber-attack; determine based on said answers a strength rating for an organizational safeguard against said threat origin; compare the risk rating of said threat origin to said strength rating of said organizational safeguard; determine based on said comparison a cyber readiness rating of said organizational safeguard from said cyber-attack by said threat origin; and present the cyber readiness rating of the organizational safeguard.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.