IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0099654 (2016-04-15)
Registration number | US-10003598 (2018-06-19)
Inventor / Address |
- Kling, John Howard
- Brubaker, Mark Earl
- Quon, Cora Yan
- Bierner, Rachel Yun Kim
- Moloian, Armen
- Kuhlmeier, Ronald James
Applicant / Address |
- Bank of America Corporation
Agent / Address |
Citation information | Times cited: 0; Cited patents: 38
Abstract
Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access.
Representative claim
1. A model framework and system for cyber security services, the system comprising: at least one non-transitory storage device; at least one processor; and at least one module stored in said storage device and comprising instruction code that is executable by the at least one processor and configured to cause said at least one processor to: electronically receive, via a distributed network of servers, information associated with an internal computing device within a network; determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access; determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls; identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and incorporate the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.

2. The system of claim 1, wherein the module is further configured to cause the at least one processor to: determine that access to the internal computing device by the external computing device via at least one of the one or more types of access causes a loss event; determine a probability score associated with the loss event, wherein the probability score indicates chances of occurrence of the loss event; determine a magnitude of impact score associated with the loss event, wherein the magnitude of impact score indicates a consequence of the loss event; and determine an exposure score associated with the loss event based on at least the probability score and the magnitude of impact score.

3. The system of claim 2, wherein the one or more controls are configured to be regulated to detect and prohibit access to the internal computing device via at least one of the one or more types of access, thereby reducing the exposure score associated with the loss event.

4. The system of claim 2, wherein the module is further configured to cause the at least one processor to: determine that the exposure score associated with the loss event is greater than a predetermined threshold; determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls; identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate the regulation of the one or more controls to detect and prohibit access to the internal computing device by the external computing device; and incorporate the one or more identified tools within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device, wherein the incorporation of the one or more identified tools results in the exposure score associated with the loss event to be lower than the predetermined threshold.

5. The system of claim 1, wherein the module is further configured to cause the at least one processor to: determine that a first tool identified to facilitate the regulation of the one or more controls comprises one or more capabilities that overlap with the capabilities of a second tool also identified to facilitate the regulation of the one or more controls, wherein the first tool and the second tool associated with the one or more tools identified; initiate a presentation of a user interface to enable a user to select the first tool or the second tool for the one or more overlapped capabilities; receive a user input comprising a selection of the first tool and/or the second tool for the one or more overlapped capabilities; and incorporate the first tool and the second tool within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device.

6. A computerized method for a model framework and system for cyber security services, the method comprising: electronically receiving, via a distributed network of servers, information associated with an internal computing device within a network; determining, using a computing device processor, one or more access paths to the internal computing device from an external computing device; determining, using a computing device processor, one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device; determining, using a computing device processor, one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determining, using a computing device processor, that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access; determining, using a computing device processor, one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls; identifying, using a computing device processor, one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and incorporating, using a computing device processor, the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.

7. The method of claim 6, wherein the method further comprises: determining that access to the internal computing device by the external computing device via at least one of the one or more types of access causes a loss event; determining a probability score associated with the loss event, wherein the probability score indicates chances of occurrence of the loss event; determining a magnitude of impact score associated with the loss event, wherein the magnitude of impact score indicates a consequence of the loss event; and determining an exposure score associated with the loss event based on at least the probability score and the magnitude of impact score.

8. The method of claim 7, wherein the one or more controls are configured to be regulated to detect and prohibit access to the internal computing device via at least one of the one or more types of access, thereby reducing the exposure score associated with the loss event.

9. The method of claim 7, wherein the method further comprises: determining that the exposure score associated with the loss event is greater than a predetermined threshold; determining one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls; identifying one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate the regulation of the one or more controls to detect and prohibit access to the internal computing device by the external computing device; and incorporating the one or more identified tools within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device, wherein the incorporation of the one or more identified tools results in the exposure score associated with the loss event to be lower than the predetermined threshold.

10. The method of claim 6, wherein the method further comprises: determining that a first tool identified to facilitate the regulation of the one or more controls comprises one or more capabilities that overlap with the capabilities of a second tool also identified to facilitate the regulation of the one or more controls, wherein the first tool and the second tool associated with the one or more tools identified; initiating a presentation of a user interface to enable a user to select the first tool or the second tool for the one or more overlapped capabilities; receiving a user input comprising a selection of the first tool and/or the second tool for the one or more overlapped capabilities; and incorporating the first tool and the second tool within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device.

11. A non-transitory computer program product for a model framework and system for cyber security services, the computer program product comprising a non-transitory computer-readable medium comprising code causing a first apparatus to: electronically receive, via a distributed network of servers, information associated with an internal computing device within a network; determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each of the one or more access paths associated with the internal computing device, wherein the one or more controls are configured to determine access to the internal computing device; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine that the one or more controls associated with the at least one of the one or more access paths is not capable of detecting the access by the external computing device via at least one of the one or more types of access, wherein determining further comprises determining that the one or more controls is not capable of regulating one or more conditions associated with the one or more types of access; determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls; identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate a regulation of the one or more controls to detect and prohibit access to the internal computing device via at least one of the one or more types of access; and incorporate the one or more identified tools within the network to regulate the one or more controls to detect and monitor the accessing of the internal computing device by the external computing device via at least one of the one or more types of access previously not capable of detecting the access.

12. The computer program product of claim 11, wherein the first apparatus is further configured to: determine that access to the internal computing device by the external computing device via at least one of the one or more types of access causes a loss event; determine a probability score associated with the loss event, wherein the probability score indicates chances of occurrence of the loss event; determine a magnitude of impact score associated with the loss event, wherein the magnitude of impact score indicates a consequence of the loss event; and determine an exposure score associated with the loss event based on at least the probability score and the magnitude of impact score.

13. The computer program product of claim 12, wherein the first apparatus is further configured to: determine that the exposure score associated with the loss event is greater than a predetermined threshold; determine one or more capabilities associated with the one or more types of access, the one or more types of access incapable of being regulated by the one or more controls; identify one or more tools based on at least the one or more determined capabilities, wherein the one or more identified tools facilitate the regulation of the one or more controls to detect and prohibit access to the internal computing device by the external computing device; and incorporate the one or more identified tools within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device, wherein the incorporation of the one or more identified tools results in the exposure score associated with the loss event to be lower than the predetermined threshold.

14. The computer program product of claim 11, wherein the first apparatus is further configured to: determine that a first tool identified to facilitate the regulation of the one or more controls comprises one or more capabilities that overlap with the capabilities of a second tool also identified to facilitate the regulation of the one or more controls, wherein the first tool and the second tool associated with the one or more tools identified; initiate a presentation of a user interface to enable a user to select the first tool or the second tool for the one or more overlapped capabilities; receive a user input comprising a selection of the first tool and/or the second tool for the one or more overlapped capabilities; and incorporate the first tool and the second tool within the network to regulate the one or more controls to detect and prohibit access to the internal computing device by the external computing device.