Methods and apparatuses, including computer program products, are described for transaction-based security risk aggregation and analysis. A server computing device receives security risk data elements from a plurality of data sources. The security risk data elements correspond to a transaction submi
Methods and apparatuses, including computer program products, are described for transaction-based security risk aggregation and analysis. A server computing device receives security risk data elements from a plurality of data sources. The security risk data elements correspond to a transaction submitted by a remote computing device to the server computing device for execution. The server computing device aggregates the security risk data elements into a weighted risk matrix and generates a risk score for the submitted transaction based upon the weighted risk matrix. The server computing device determines a business-level context and an execution priority of the submitted transaction, the business-level context and the execution priority based upon the security risk data elements. The server computing device adjusts the risk score for the submitted transaction based upon the business-level context and the execution priority and determines whether to allow execution of the transaction based upon the adjusted risk score.
대표청구항▼
1. A computerized method for transaction-based security risk aggregation and analysis, the method comprising: receiving, by a server computing device, security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote co
1. A computerized method for transaction-based security risk aggregation and analysis, the method comprising: receiving, by a server computing device, security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution;aggregating, by the server computing device, the security risk data elements into a weighted risk matrix;generating, by the server computing device, a risk score for the submitted transaction based upon the weighted risk matrix;determining, by the server computing device, a business-level context and an execution priority of the submitted transaction, the business-level context and the execution priority based upon the security risk data elements;adjusting, by the server computing device, the risk score for the submitted transaction based upon the business-level context and the execution priority;determining, by the server computing device, whether to allow execution of the transaction based upon the adjusted risk score;storing, by the server computing device, the security risk data elements, the business-level context, the execution priority, and the adjusted risk score for the transaction in a database; andusing, by the server computing device, the stored security risk data elements, the business-level context, the execution priority, and the adjusted risk score to determine whether to allow execution of future transactions. 2. The method of claim 1, wherein the security risk data elements include elements associated with one or more of: the remote computing device and a user assigned to the remote computing device. 3. The method of claim 2, wherein the security risk data elements associated with the remote computing device include elements relating to: a hardware platform of the remote computing device, a software platform of the remote computing device, and a location of the remote computing device. 4. The method of claim 2, wherein the security risk data elements associated with the user assigned to the remote computing device include elements relating to: an identity of the user, a job title of the user, a business unit associated with the user, and an authorization level assigned to the user. 5. The method of claim 1, wherein the business-level context relates to parties involved in the transaction and financial attributes of the transaction. 6. The method of claim 1, wherein the execution priority is determined based upon a financial scope of the transaction. 7. The method of claim 6, wherein the financial scope of the transaction relates to a profit level of the transaction. 8. The method of claim 7, wherein the execution priority increases as the profit level of the transaction becomes larger. 9. The method of claim 1, further comprising transmitting, by the server computing device, a notification to another computing device if execution of the transaction is not allowed. 10. The method of claim 1, further comprising generating, by the server computing device, a report of execution determinations for a plurality of transactions for a predetermined period of time. 11. The method of claim 1, further comprising determining, by the server computing device, one or more security risk trends based upon execution determinations for a plurality of transactions submitted to the server computing device. 12. The method of claim 11, further comprising determining, by the server computing device, remediation measures in response to the one or more security risk trends. 13. A system for transaction-based security risk aggregation and analysis, the system comprising a server computing device configured to: receive security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution;aggregate the security risk data elements into a weighted risk matrix;generate a risk score for the submitted transaction based upon the weighted risk matrix;determine a business-level context and an execution priority of the submitted transaction, the business-level context and the execution priority based upon the security risk data elements;adjust the risk score for the submitted transaction based upon the business-level context and the execution priority;determine whether to allow execution of the transaction based upon the adjusted risk score;store the security risk data elements, the business-level context, the execution priority, and the adjusted risk score for the transaction in a database; anduse the stored security risk data elements, the business-level context, the execution priority, and the adjusted risk score to determine whether to allow execution of future transactions. 14. The system of claim 13, wherein the security risk data elements include elements associated with one or more of: the remote computing device and a user assigned to the remote computing device. 15. The system of claim 14, wherein the security risk data elements associated with the remote computing device include elements relating to: a hardware platform of the remote computing device, a software platform of the remote computing device, and a location of the remote computing device. 16. The system of claim 14, wherein the security risk data elements associated with the user assigned to the remote computing device include elements relating to: an identity of the user, a job title of the user, a business unit associated with the user, and an authorization level assigned to the user. 17. The system of claim 13, wherein the business-level context relates to parties involved in the transaction and financial attributes of the transaction. 18. The system of claim 13, wherein the execution priority is determined based upon a financial scope of the transaction. 19. The system of claim 18, wherein the financial scope of the transaction relates to a profit level of the transaction. 20. The system of claim 19, wherein the execution priority increases as the profit level of the transaction becomes larger. 21. The system of claim 13, further comprising transmitting, by the server computing device, a notification to another computing device if execution of the transaction is not allowed. 22. The system of claim 13, wherein the server computing device is further configured to generate a report of execution determinations for a plurality of transactions for a predetermined period of time. 23. The system of claim 13, wherein the server computing device is further configured to determine one or more security risk trends based upon execution determinations for a plurality of transactions submitted to the server computing device. 24. The system of claim 23, wherein the server computing device is further configured to determine remediation measures in response to the one or more security risk trends. 25. A computer program product, tangibly embodied in a non-transitory computer-readable storage medium, for transaction-based security risk aggregation and analysis, the computer program product including instructions operable to cause a server computing device to: receive security risk data elements from a plurality of data sources, the security risk data elements corresponding to a transaction submitted by a remote computing device to the server computing device for execution;aggregate the security risk data elements into a weighted risk matrix;generate a risk score for the submitted transaction based upon the weighted risk matrix;determine a business-level context and an execution priority of the submitted transaction, the business-level context and the execution priority based upon the security risk data elements;adjust the risk score for the submitted transaction based upon the business-level context and the execution priority;determine whether to allow execution of the transaction based upon the adjusted risk score;store the security risk data elements, the business-level context, the execution priority, and the adjusted risk score for the transaction in a database; anduse the stored security risk data elements, the business-level context, the execution priority, and the adjusted risk score to determine whether to allow execution of future transactions.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (2)
Gustave, Christophe; Chow, Stanley TaiHai; Wiemer, Douglas, Security vulnerability information aggregation.
Andres, Steven G.; Cole, David M.; Cummings, Thomas Gregory; Garcia, Roberto Ramon; Kenyon, Brian Michael; Kurtz, George R.; McClure, Stuart Cartier; Moore, Christopher William; O'Dea, Michael J.; Saruwatari, Ken D., System and method of managing network security risks.
Thomson, Allan; Coleman, Christopher D., Apparatuses, methods and systems for a cyber threat confidence rating visualization and editing user interface.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.