AGGREGATION AND FLOW PROPAGATION OF ELEMENTS OF CYBER-RISK IN AN ENTERPRISE

摘要

A computer-implemented method for computing or modeling the risk of a cyber security breach to an asset begins by gathering coverage information from network sensors, endpoint agents, and decoys related to the asset, as well as gathering importance information related to the asset, alerts and anomalies from an enterprise and vulnerability information related to the asset. From this, a threat-score is computed for the asset. Connections or coupling information is gathered between users and assets, users and data, and assets and data, which is fused to generate a 3-dimensional vector representation of coverage, importance, and threat-score of the assets, users and data. From this 3-dimensional vector, an asset risk score is computed to provide the asset risk score.