Systems and methods for measuring cyber based risks in an enterprise organization

摘要

A method and system are disclosed for assessing cyber-based risks in an enterprise organization. A database comprising vulnerability data associated with computers in an enterprise is combined with a second database comprising data of users of computers in an enterprise, along with a third database base indicating the relationship of the users in an organization structure in the enterprise. From the synthesis of data in these separate databases, text based reports detailing aggregate computer vulnerabilities can be produced on a computer, as well as organizational charts depicting the relationship between selected individuals and their computer vulnerabilities. Using such reports, individuals charged with cyber-security can assess organizational cyber risks and allocate resources as appropriate.