Method and apparatus for reducing security risk in a networked computer system architecture

摘要

An apparatus and associated method are provided for reducing a security risk in a networked computer system architecture. The method comprises receiving at a security computer external vulnerability data from an external source regarding vulnerabilities associated with an attack vector for configuration item (CI) data related to a (CI) device, of the networked computer system. The security computer accesses a configuration management database (CMDB) and the CI data related to the physical device is read. Trust zone data associated with the CI device is determined utilizing the CMDB, and the security computer performs a vulnerability calculation for the CI device utilizing the external vulnerability data and associated trust zone data. This is also done for a second CI device. The vulnerability calculations for both are compared and this comparison serves as a basis for prioritizing an action to be taken on the CI device or associated other network components.