
X-Analytics: Threat

Updated: Feb 27

The system, method, and apparatus for measuring, modeling, reducing, and addressing cyber risk contains a process for determining threat.


This process references US patents 11,379,773, 11,282,018, 10,453,016, 10,395,201, and 9,747,570.

The threat system, method, and apparatus is just one component of the entire system, method, and apparatus for measuring, modeling, reducing, and addressing cyber risk.

The threat component expands into a defined system, method, and apparatus for measuring, modeling, reducing, and addressing threat.

The above figure expands into additional detail.

  (1) Data defined industry threat baseline expands into use of historical and cyber risk intelligence data.

  (2) Data defined industry threat modifier expands into use of historical and cyber risk intelligence data.

  (3) Historical and cyber risk intelligence data expands into a process that combines industry threat baseline and industry threat modifier.

  (4) Operator defined industry selection expands into specific operator inputs.

  (5) Operator defined asset applicability expands into specific operator inputs.

  (6) Operator defined threat modifier expands into specific operator inputs.

  (7) Operator threat inputs expands into a process that combines operator defined industry selection, operator defined asset applicability, and operator defined threat modifier.

  (8) Threat measurement expands into a process that combines historical and cyber risk intelligence threat data and operator threat inputs.

  (9) Threat model expands into a process that determines threat amongst the 110 risk scenarios.

  (10) Threat results expands into a sample output.

  (11) Threat ranking expands into a sample prioritization of threat.

  (12) Addressing threat expands into a sample set of decisions.


Data Defined Industry Baseline

This system, method, and apparatus considers 21 industry verticals, such as Retail and Healthcare. Historical and cyber risk intelligence data determines an annual threat baseline for each industry vertical amongst each of the 10 threat categories.

This system, method, and apparatus considers the following industry verticals, which align with NAICS codes.

  • Financial and Insurance Services (NAICS Code 512)

  • Retail Trade (NAICS Code 44, 45)

  • Healthcare (NAICS Code 62)

  • Manufacturing (NAICS Code 31, 32, 33)

  • Accommodation and Food Services (NAICS Code 72)

  • Education (NAICS Code 61)

  • Information, Software, and Technology (NAICS Code 51)

  • Professional, Scientific, and Technical Services (NAICS Code 54)

  • Public Administration (NAICS Code 92)

  • Transportation and Warehousing (NAICS Code 48, 49)

  • Construction (NAICS Code 23)

  • Mining (NAICS Code 21)

  • Art, Entertainment, and Recreation (NAICS Code 71)

  • Utilities (NAICS Code 22)

  • Administrative and Support, Waste Management, and Remediation Services (NAICS Code 56)

  • Agriculture, Forestry, Fishing, and Hunting (NAICS Code 11)

  • Management of Companies and Enterprise (NAICS Code 55)

  • Real Estate Rental and Leasing (NAICS Code 53)

  • Other Services (NAICS Code 81)

  • Wholesale Trade (NAICS Code 42)

  • Unknown (selected if the previous 20 industries do not apply)

This system, method, and apparatus determines the industry threat baseline by leveraging historical and cyber risk intelligence data. For each industry, all incidents are categorized across the 10 threat categories, each category is compared with an average condition, and a value between 0 and 10 is derived for each threat category. 0 represents a "no threat" condition and 10 represents an "extreme threat" condition.


Data Defined Industry Threat Modifier

This system, method, and apparatus uses historical and cyber risk intelligence data to determine a monthly threat modifier for each industry vertical amongst each of the 10 threat categories. Threat modification is determined at the threat variety level by comparing the current volume to a baseline volume. The average amongst all threat varieties, for a given threat category, determines the total threat modification for that threat category. The diagram below is an abridged and simplified illustration of threat modification.

The monthly industry threat modifier accounts for emerging and dampening threat conditions from one month to the next.


Combining Baseline and Threat Modifier

This system, method, and apparatus combines the data defined industry threat baseline and the data defined industry threat modifier by adding both together. The diagram below is an abridged and simplified illustration of threat modification.

If the threat modifier increases the total threat score to a value greater than 10, then a new industry threat baseline needs to be re-established due to emerging threat conditions. If the threat modifier decreases the total threat score to a value less than zero, then a new industry threat baseline needs to be re-established due to dampening threat conditions.


Operator Defined Industry Selection

This system, method, and apparatus provides an operator input for industry selection. The operator selected industry determines which industry baseline and industry baseline modifier are used for threat.

This system, method, and apparatus also contemplates a multi-industry selection using a percent breakout amongst applicable industry verticals.

For more information, please see here.


Operator Defined Asset Applicability

This system, method, and apparatus provides an operator input for asset applicability. For more details, please see here.


Operator Defined Threat Modifier

This system, method, and apparatus provides an operator input for threat modifier. For more details, please see here.


Organization of the Operator Threat Inputs

This system, method, and apparatus organizes and structures the operator threat inputs for enterprise-specific threat measuring and modeling. This system, method, and apparatus stages, archives, and links the operator threat inputs to the threat model.


Threat Measurement

This system, method, and apparatus combines historical and cyber risk intelligence threat data and operator threat input to determine threat measurement.

This system, method, and apparatus repeats the process for all 110 risk scenarios. The result is a threat measurement grid.


Threat Model

This system, method, and apparatus combines threat measurement and a threat asset allocation, amongst the 110 risk scenarios, to tune threat for each risk scenario. The threat asset allocation table accounts for the disproportionate threat activity amongst the 11 asset groups. Historical data and cyber risk intelligence data inform the threat allocation values within the asset allocation table. The table below is just an example of such a table.

The result of the threat model is the multiplication of the Threat Measurement Grid and the Threat Asset Allocation Grid.


Threat Results

This system, method, and apparatus displays a Threat Grid to the operator. This system, method, and apparatus uses the Threat Grid to prepare historical trends, maximum threat per threat category graphs, aggregate threat per threat category graphs, and top 5 threat scenarios.

This system, method, and apparatus may use a color scale overlay to help the operator better see where high threat exists within the grid. Dark colors represent higher threat, while lighter colors represent lower threat.

This system, method, and apparatus can also show relation to industry threat benchmark.

This system, method, and apparatus supports one-time, current, and monthly measurement, modeling, and results. As such, it is possible to generate threat trending based on shifts in historical and cyber risk intelligence threat data and operator defined threat data. A macro threat value is the average maximum threat amongst all threat categories.


Threat Ranking

This system, method, and apparatus automatically ranks all threat results. The operator can use the rankings to reduce threat. In the above Threat Score by Threat Category graph, the operator can easily see that Web Application Attacks, Denial of Service Attacks, and Everything Else are the top threat categories. Such knowledge could be used to prioritize threat mitigation efforts.
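
The scoring steps described in the sections above (baseline plus averaged modifier, multiplication with the asset allocation table, macro threat value, ranking), as an added example that is not X-Analytics code. All numbers, the variety and asset group names, the clamp to the 0 to 10 scale, and the reading of "multiplication" as element-wise are assumptions; operator inputs are left out because the page does not say how they are combined.

```python
from statistics import mean

# Constructed sample data: 3 of the page's 10 categories, 2 of its 11 asset groups.
BASELINE = {"Web Application Attacks": 7.0,
            "Denial of Service Attacks": 5.0, "Everything Else": 9.5}
# Monthly modifier per threat variety (variety names are hypothetical).
VARIETY_MODIFIERS = {
    "Web Application Attacks": {"variety A": 1.0, "variety B": 0.5},
    "Denial of Service Attacks": {"variety C": -1.0, "variety D": 0.0},
    "Everything Else": {"variety E": 1.0},
}
# Threat asset allocation weights (asset group names are hypothetical).
ALLOCATION = {
    "Web Application Attacks": {"Servers": 0.8, "User devices": 0.2},
    "Denial of Service Attacks": {"Servers": 1.0, "User devices": 0.1},
    "Everything Else": {"Servers": 0.5, "User devices": 0.6},
}

def threat_measurement(baseline, variety_modifiers):
    """Add each baseline to the average of its per-variety modifiers."""
    scores, rebaseline = {}, []
    for cat, base in baseline.items():
        total = base + mean(variety_modifiers[cat].values())
        if total > 10 or total < 0:
            rebaseline.append(cat)  # page: a new baseline must be established
        # Assumption: clamp so the grid stays on the 0-10 scale meanwhile.
        scores[cat] = min(10.0, max(0.0, total))
    return scores, rebaseline

def threat_grid(scores, allocation):
    """Element-wise product of measurement and allocation (assumed reading)."""
    return {(cat, asset): round(scores[cat] * weight, 2)
            for cat, weights in allocation.items()
            for asset, weight in weights.items()}

def macro_threat(grid):
    """Average of the maximum threat found in each threat category."""
    per_cat = {}
    for (cat, _), value in grid.items():
        per_cat[cat] = max(per_cat.get(cat, 0.0), value)
    return round(mean(per_cat.values()), 2)

def top_scenarios(grid, n=5):
    """Rank risk scenarios from highest to lowest threat."""
    return sorted(grid.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    scores, flagged = threat_measurement(BASELINE, VARIETY_MODIFIERS)
    print(flagged, macro_threat(threat_grid(scores, ALLOCATION)))
```

With this sample data, "Everything Else" exceeds 10 after the modifier is added and is returned in the re-baseline list, which is the condition the Combining Baseline and Threat Modifier section calls out.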


Addressing Threat

This system, method, and apparatus automatically empowers the operator, with a threat grid, threat trend analysis, and threat rankings, to inform decisions regarding addressing threat.

If the threat conditions are undesirable to the enterprise, then the operator has several options for addressing threat.

From the Threat Grid or Threat Score by Threat Category graph, the operator may determine the threat condition is desirable. In such a case, the operator may select to accept the threat condition.

From the Threat Grid or Threat Score by Threat Category graph, the operator may determine the threat condition is undesirable or not acceptable. In such a case, the operator may select to reduce, transfer, or remove the threat. Threat mitigation may consist of blocking and monitoring threat using technology, threat transfer may consist of transferring threat to a cyber insurance policy or 3rd party via legal contract, and threat removal may consist of removing assets associated with high threat conditions.

With the use of this system, method, and apparatus, an enterprise could achieve an optimized cyber resilience strategy.
