CYBERSECURITY ASSESSMENT AND RISK MANAGEMENT TOOL

摘要

Techniques and apparatuses are described for a cybersecurity risk managementtool to assess cybersecurity risk and prioritize cybersecurity correctionplans. Thecybersecurity risk management tool categorizes cybersecurity frameworksecuritycontrols into maturity indicator levels, identifies implementation statesachieved byan entity with respect to the cybersecurity framework security controls, anddetermines which of the maturity indicator levels represents theimplementationstate achieved by the entity with respect to each of the cybersecurityframeworksecurity controls. A cost-benefit analysis for modifying from theimplementationstate achieved by the entity to a next implementation state to be achieved bytheentity with respect to the cybersecurity framework security controls is alsoenabled.The cost-benefit analysis leverages factored weights including aspectsindicativeof security perspectives, Gaussian distributions, and the maturity indicatorlevels.