Technology Risk Assessment, Forecasting, and Prioritization

摘要

A computer system assesses the overall risk for different technologies for an organization. Technologies may be evaluated by obtaining severity levels and environmental risk scores for the vulnerabilities associated with the technologies. Each severity level measures a possible risk level of a corresponding vulnerability, while each environmental risk score is based on the organization's environment. Technology risk scores are then determined from the severity levels and the environmental risk scores. Each technology may then be categorized from a statistical distribution of the technology risk scores. An indexed risk score for each technology may also be determined based on time trending variables. Inputs may be a number of vulnerabilities, blended advisory/severity scores, and a standard deviation of the blended advisory/severity scores, and the results then provide behavior forecasting of the technologies. Further evaluation of the technologies may be performed to determine a risk versus reward model for the different technologies.