Patent
Systems and methods of associating security vulnerabilities and assets
Reads0
Chats0
TLDR
In this paper, a definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platforms that is affected when the exploited asset platform is exploited by the security vulnerabilities, is compared with definitions of one or more assets of an information system.Abstract:
Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.read more
Citations
More filters
Patent
Enterprise Information Security Management Software For Prediction Modeling With Interactive Graphs
TL;DR: In this article, a user creates a what-if scenario by changing one or more baseline security measurements, and then generates interactive, animated graphs that compare the baseline security measurement against the what if scenario.
Patent
Geo-mapping system security events
TL;DR: In this paper, a particular security event is identified that has been detected as targeting a particular computing device included in a particular computer system, and a particular grouping of assets in a plurality of asset groupings within the particular computing system is identified as including the particular device.
Patent
Calculating quantitative asset risk
TL;DR: In this paper, a standardized vulnerability score is identified for a particular vulnerability in a plurality of known vulnerabilities, the standardized score indicating a relative level of risk associated with the particular vulnerability relative other vulnerabilities.
Patent
System for implementing security on telecommunications terminals
TL;DR: In this article, a system includes at least one telecommunications terminal having data processing capabilities, the telecommunications terminal being susceptible of having installed thereon software applications, wherein each software application has associated therewith a respective indicator adapted to indicate a level of security of the software application.
Patent
Network anomaly detection
Maxim Kesin,Samuel Jones +1 more
TL;DR: In this article, a security system detects anomalous activity in a network, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort.
References
More filters
Book
Computer Security
TL;DR: This new edition of this self-study guide includes sections on Windows NT, CORBA, and Java and discusses cross-site scripting and JavaScript hacking as well as SQL injection.
ReportDOI
Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology
Patent
System and method for network vulnerability detection and reporting
Stuart McClure,George Kurtz,Robin Keir,Marshall A. Beddoe,Michael J. Morton,Christopher M. Prosise,David M. Cole,Christopher Abad +7 more
TL;DR: In this article, a system and method provide comprehensive and highly automated testing of vulnerabilities to intrusion on a target network, including identification of operating system, identification of target network topology and target computers.
Patent
Active network defense system and method
TL;DR: In this paper, an active network defense system is provided that is operable to monitor and block traffic in automated fashion, which is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure.
Patent
Method and System for Managing Computer Security Information
Timothy P. Farley,John M. Hammer,Bryan Douglas Williams,Philip Charles Brass,George C. Young,Derek John Mezack +5 more
TL;DR: In this article, the authors present a fusion engine that can identify relationships between one or more real-time, raw computer events as they are received in realtime, and assess and rank the risk of realtime raw events as well as mature correlation events.