METHOD AND APPARATUS FOR REDUCING SECURITY RISK IN A NETWORKED COMPUTER SYSTEM ARCHITECTURE

摘要

A method may comprise: receiving, at a security computing system in a network communicatively coupled to a configuration management database, CMDB, external vulnerability data from an external source; identifying, using configuration item data stored in the CMDB and the external vulnerability data, configuration items in the network to which a respective vulnerability applies; inferring a network topology based on CMDB information; determining an original risk level for each identified configuration item based on the configuration item data stored in the CMDB and on the external vulnerability data; calculating a context dependent risk for each identified configuration item based on the respective original risk level, the network topology, and CMDB information; and prioritizing vulnerability remediation work based on the calculated context dependent risk.