“System And Method For Assessing Cybersecurity Risk Of Computer Network” in Patent Application Approval Process (USPTO 20210105296)

2021 APR 28 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Kibler, Philip (Whiteland, IN); Wilson, Daniel (Firestone, CO); Overton, Martin (West Sussex, GB); Grella, Tracie (Maplewood, NJ); Pace, Garin (Darien, CT), filed on December 18, 2020, was made available online on April 8, 2021, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to American International Group Inc. (New York, New York, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Today insurance carriers underwrite risks of a prospect who is deciding whether to purchase cyber insurance, and, if, so, how much to purchase and what coverages to get. Conventionally, this method of underwriting is manual in nature and relies upon the prospective Policyholder providing an accurate picture of their true cyber risk. From this input, the insurance carrier tries to determine effectively the level of risk and associated pricing and coverages that can be offered. Once the insurance carrier underwrites and prices the insured, through the broker, the insured makes a decision and buys the particular coverage and the policy then binds and is in place, typically for twelve months. The insurance carrier has had the risk transferred to its accounts, and over the time period of the policy has no insight into the insured’s cybersecurity posture, unless a claim is made. Meanwhile, new cyber exposures are discovered on a daily basis, and thus cyber risk levels are also constantly changing. This leaves the insurance carrier exposed to a potentially higher level of risk than what was determined at the time of underwriting, or even some previously unknown risk, throughout the pendency of the policy period.

“There is a continued need in the art to provide additional solutions to help protect a computer network from cyber attacks and to evaluate its susceptibility to such attacks. For example, there is a continued need for techniques for improving the ability to assess the cybersecurity risks associated with a given network on an ongoing basis.

“It will be appreciated that this background description has been created by the inventors to aid the reader, and is not to be taken as an indication that any of the indicated problems were themselves appreciated in the art. While the described principles can, in some respects and embodiments, alleviate the problems inherent in other systems, it will be appreciated that the scope of the protected innovation is defined by the attached claims, and not by the ability of any disclosed feature to solve any specific problem noted herein.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “Aspects of this disclosure are directed to systems, methods, and computer program products for assessing cybersecurity risk of an operating computer network over time. Computer-implemented architecture can include a non-transitory computer-readable medium containing a cybersecurity risk program constructed to periodically determine a value of a cybersecurity risk parameter on a scale where the value is indicative of the cybersecurity risk level of the computer network.

“In one aspect, an embodiment of a system for assessing cybersecurity risk of a computer network includes a non-transitory computer-readable medium having a cybersecurity risk program, a cybersecurity processor in operable arrangement with the computer-readable medium, a data storage device in operable arrangement with the cybersecurity processor, and a web-enabled interface communicatively arranged with the cybersecurity processor to exchange information with a client portal. The cybersecurity processor is configured to execute the cybersecurity risk program contained on the computer-readable medium. The data storage device includes a cybersecurity risk parameter with a first value on a scale indicative of a cybersecurity risk level of the computer network at a first time. The web-enabled interface is in communicating relationship with the cybersecurity processor and the data storage device to exchange information with a client portal

“The cybersecurity risk program includes a cyber risk calculation module and a display module. The cyber risk calculation module is configured to receive input data associated with the computer network at a second time. The second time is different from the first time. The input data corresponds to operational characteristics of the computer network at the second time. The cyber risk calculation module is configured to analyze operational characteristics of the computer network at the second time using a risk model to determine a second value of the cybersecurity risk parameter at the second time. The risk model includes a number of data fields configured to determine a value on the scale indicative of the cybersecurity risk level of the computer network. At least one operational characteristic of the computer network from the input data is used in at least one data field of the risk model. The display module is configured to transmit the second value of the cybersecurity risk parameter at the second time via the web-enabled interface to the client portal for display in a graphical user interface.

“In another aspect, an embodiment of a method of assessing cybersecurity risk of a computer network, which has a cybersecurity risk parameter with a first value on a scale indicative of a cybersecurity risk level of the computer network at a first time, includes employing a processor to execute a cybersecurity risk program having computer-executable instructions stored on a non-transitory computer-readable medium. The cybersecurity risk program causes the processor to perform a number of steps.

“Input data associated with the computer network is received at a second time. The second time is different from the first time. The input data corresponds to operational characteristics of the computer network at the second time.

“The operational characteristics of the computer network are analyzed using a risk model to determine a second value of the cybersecurity risk parameter at the second time. The risk model includes a number of data fields configured to determine a value on the scale indicative of the cybersecurity risk level of the computer network. At least one operational characteristic of the computer network from the input data is used in at least one data field of the risk model.

“The second value of the cybersecurity risk parameter at the second time is transmitted to a client portal for display in a graphical user interface.

“In another embodiment, a method of monitoring cybersecurity risk of a computer network, which has a cybersecurity risk parameter with a first value on a scale indicative of a cybersecurity risk level of the computer network at a first time, includes actively monitoring the computer network via a cybersecurity system installed within the computer network. The cybersecurity system is configured to generate operational data relating to the computer network at a second time which is different from the first time.

“A processor is employed to execute a cybersecurity risk program including computer-executable instructions stored on a non-transitory computer-readable medium causing the processor to perform steps. The operational data of the computer network is analyzed to determine input data corresponding to operational characteristics of the computer network. The input data is transmitted to a risk model configured to determine a second value of the cybersecurity risk parameter at the second time. The risk model includes a number of data fields configured to determine a value on a scale indicative of the cybersecurity risk level of the computer network. At least one operational characteristic of the computer network from the input data is used in at least one data field of the risk model.

“As will be appreciated, the systems, methods, and computer program products disclosed herein are capable of being carried out in other and different embodiments and capable of being modified in various respects. Accordingly, it is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and do not restrict the scope of the appended claims.”

The claims supplied by the inventors are:

“1. A method of assessing cybersecurity risk of a computer network, the computer network having a cybersecurity risk parameter with a first value on a scale indicative of a cybersecurity risk level of the computer network at a first time, the method comprising: employing a processor to execute a cybersecurity risk program including computer-executable instructions stored on a non-transitory computer-readable medium causing the processor to perform steps including: receiving input data associated with the computer network at a second time, the second time being different from the first time, the input data corresponding to operational characteristics of the computer network at the second time, analyzing the operational characteristics of the computer network using a risk model to determine a second value of the cybersecurity risk parameter at the second time, the risk model including a number of data fields configured to determine a value on the scale indicative of the cybersecurity risk level of the computer network, at least one operational characteristic of the computer network from the input data being used in at least one data field of the risk model, and transmitting the second value of the cybersecurity risk parameter at the second time to a client portal for display in a graphical user interface.

“2. The method of claim 1, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor to perform further steps including: receiving input data associated with, and corresponding to operational characteristics of, the computer network the computer network at a third time, the third time being different from both the first time and the second time, analyzing the operational characteristics of the computer network at the third time using the risk model to determine a third value of the cybersecurity risk parameter at the third time, generating risk score trend data of the computer network based upon at least two of the first value, the second value, and the third value, and transmitting the risk score trend data to the client portal for display in the graphical user interface.

“3. The method of claim 1, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor, in response to receiving a forecast request from the client portal for at least one of a set of cybersecurity controls not present within the computer network, to analyze the operational characteristics of the computer network at the second time modified by assuming said at least one of the set of cybersecurity controls not present within the computer network is implemented in the computer network using the risk model to determine a forecasted value of the cybersecurity risk parameter and to transmit the forecasted value of the cybersecurity risk parameter to the client portal for display in the graphical user interface.

“4. The method of claim 1, wherein the risk model includes a threat likelihood module, a business impact module, and a control effectiveness module, and wherein the operational characteristics of the computer network are analyzed using the risk model to determine a residual risk score, the residual risk score being based upon a control effectiveness value from the control effectiveness module being deducted from a product of a threat likelihood value from the threat likelihood module and a business impact value from the business impact module.

“5. The method of claim 4, wherein the business impact module calculates the business impact value based upon asset data associated with an operational configuration of the computer network.

“6. The method of claim 1, wherein the input data associated with the computer network at the second time is received via a data feed from a cybersecurity system installed within the computer network.

“7. The method of claim 6, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor to monitor the data feed from the cybersecurity system installed within the computer network for a valid threat alert, and, in response to receiving the valid threat alert, transmitting an alert message to the client portal for display in the graphical user interface.

“8. The method of claim 6, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor to monitor the data feed from the cybersecurity system installed within the computer network for a valid threat alert, and, in response to receiving the valid threat alert, to actively modify the computer network by implementing a protective measure configured to reduce the threat.

“9. The method of claim 6, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor, in response to receiving an alert input concerning a cybersecurity threat, to transmit a threat alert message concerning the cybersecurity threat to the client portal for display in the graphical user interface independent of whether the cybersecurity threat is detected within the computer network.

“10. The method of claim 6, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor to select a cybersecurity control from a set of cybersecurity controls not present within the computer network, the selected cybersecurity control determined by calculating a relative effectiveness value for each of the set of cybersecurity controls and identifying the highest relative effectiveness value and to transmit data concerning the selected cybersecurity control to the client portal for display in the graphical user interface.

“11. The method of claim 10, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor, in response to receiving a forecast request from the client portal for at least one of the set of cybersecurity controls not present within the computer network, to analyze the operational characteristics of the computer network at the second time as modified by assuming said at least one of the set of cybersecurity controls not present within the computer network is implemented in the computer network using the risk model to determine a forecasted value of the cybersecurity risk parameter and to transmit the forecasted value of the cybersecurity risk parameter to the client portal for display in the graphical user interface.

“12-14. (canceled)

“15. A system for assessing cybersecurity risk of a computer network, the system comprising: a non-transitory computer-readable medium including a cybersecurity risk program; a cybersecurity processor in operable arrangement with the computer-readable medium, the cybersecurity processor configured to execute the cybersecurity risk program contained on the computer-readable medium; and a data storage device in operable arrangement with the cybersecurity processor, the data storage device including a cybersecurity risk parameter with a first value on a scale indicative of a cybersecurity risk level of the computer network at a first time; a web-enabled interface in communicative relationship with the cybersecurity processor and the data storage device to exchange information with a client portal; wherein the cybersecurity risk program includes a cyber risk calculation module and a display module, the cyber risk calculation module configured to receive input data associated with the computer network at a second time, the second time being different from the first time, the input data corresponding to operational characteristics of the computer network at the second time, and to analyze operational characteristics of the computer network at the second time using a risk model to determine a second value of the cybersecurity risk parameter at the second time, the risk model including a number of data fields configured to determine a value on the scale indicative of the cybersecurity risk level of the computer network, at least one operational characteristic of the computer network from the input data being used in at least one data field of the risk model, and the display module configured to transmit the second value of the cybersecurity risk parameter at the second time via the web-enabled interface to the client portal for display in a graphical user interface.

“16. The system of claim 15, wherein the cybersecurity risk program further includes a forecast module, the forecast module configured, in response to receiving a forecast request from the client portal via the web-enabled interface for at least one of a set of cybersecurity controls not present within the computer network, to analyze the operational characteristics of the computer network at the second time modified by assuming said at least one of the set of cybersecurity controls not present within the computer network is implemented in the computer network using the risk model to determine a forecasted value of the cybersecurity risk parameter, and wherein the display module is configured to transmit the forecasted value of the cybersecurity risk parameter via the web-enabled interface to the client portal for display in the graphical user interface.

“17. The system of claim 15, wherein the risk model includes a threat likelihood module, a business impact module, and a control effectiveness module, and wherein the cyber risk calculation module is configured to analyze the operational characteristics of the computer network using the risk model to determine a residual risk score, the residual risk score being based upon a control effectiveness value from the control effectiveness module being deducted from a product of a threat likelihood value from the threat likelihood module and a business impact value from the business impact module, and wherein the display module is configured to transmit the residual risk score via the web-enabled interface to the client portal for display in the graphical user interface.

“18. The system of claim 17, wherein the business impact module calculates the business impact value based upon asset data from the data storage device, the asset data associated with an operational configuration of the computer network.

“19. The system of claim 15, wherein the cybersecurity risk program further includes a monitoring module, the monitoring module configured to monitor a data feed received from a cybersecurity system installed within the computer network for a valid threat alert, and wherein the display module is configured, in response to the monitoring module receiving the valid threat alert, to transmit an alert message via the web-enabled interface to the client portal for display in the graphical user interface.

“20. The system of claim 15, wherein the cybersecurity risk program further includes a monitoring module, the monitoring module configured to monitor a data feed received from a cybersecurity system installed within the computer network for a valid threat alert, and, in response to receiving the valid threat alert, to actively modify the computer network by implementing a protective measure configured to reduce the threat.

“21. The system of claim 15, wherein the cybersecurity risk program further includes a cybersecurity risk reduction module configured to select a cybersecurity control from a set of cybersecurity controls not present within the computer network, the selected cybersecurity control determined by calculating a relative effectiveness value for each of the set of cybersecurity controls and identifying the highest relative effectiveness value, and wherein the display module is configured to transmit data concerning the selected cybersecurity control via the web-enabled interface to the client portal for display in the graphical user interface.

“22-23. (canceled)

“24. A method of monitoring cybersecurity risk of a computer network, the computer network having a cybersecurity risk parameter with a first value on a scale indicative of a cybersecurity risk level of the computer network at a first time, the method comprising: actively monitoring the computer network via a cybersecurity system installed within the computer network, the cybersecurity system configured to generate operational data relating to the computer network at a second time, the second time being different from the first time; employing a processor to execute a cybersecurity risk program including computer-executable instructions stored on a non-transitory computer-readable medium causing the processor to perform steps including: analyzing the operational data of the computer network to determine input data corresponding to operational characteristics of the computer network, transmitting the input data to a risk model configured to determine a second value of the cybersecurity risk parameter at the second time, the risk model including a number of data fields configured to determine a value on a scale indicative of the cybersecurity risk level of the computer network, at least one operational characteristic of the computer network from the input data being used in at least one data field of the risk model.

“25-27. (canceled)

“28. The method of claim 24, wherein the computer-executable instructions of the cybersecurity risk program further cause the processor to transmit a data feed from the cybersecurity system installed within the computer network, the data feed configured to be used to determine whether a valid cybersecurity threat pertains to the computer network.”

URL and more information on this patent application, see: Kibler, Philip; Wilson, Daniel; Overton, Martin; Grella, Tracie; Pace, Garin. System And Method For Assessing Cybersecurity Risk Of Computer Network. Filed December 18, 2020 and posted April 8, 2021. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220210105296%22.PGNR.&OS=DN/20210105296&RS=DN/20210105296

(Our reports deliver fact-based news of research and discoveries from around the world.)