“System And Method For Continuous Improvement Of A Cyber Security Rating Of A Firm” in Patent Application Approval Process (USPTO 20240144136): Guardian Life Insurance Company of America

2024 MAY 16 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Johnson, Daniel (Slingerlands, NY, US); Mukundan, Balaji (Mylapore, IN); S, Naveen Kumar (Attur, Salem, Tamil Nadu, IN); Singh, Manas (Chappaqua, NY, US), filed on October 27, 2022, was made available online on May 2, 2024, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to Guardian Life Insurance Company of America (New York, New York, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “As firms around the world become more connected via cyber settings, many firms use one or more rating systems to demonstrate to other firms, other customers, and other government bodies how well they secure information in cybersecurity settings. Such rating systems may be derived from anonymous, individual reviewers; from machine-learning programs; or from professional cybersecurity assessors or auditors. Obtaining a cybersecurity rating through these systems may be costly, may require excessive waiting times, or yield security ratings that are not adequately informative or methodological.

“Prior to this disclosure, attempts to reduce problems from rating cybersecurity characteristics of a firm further came in forms of developing case-by-case cybersecurity tests. Another option was to manually install in-house cybersecurity rating systems that have virtually no applicability to other cybersecurity-concerned organizations.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In one implementation, a system to continuously improve the cybersecurity rating of a firm includes a feed processor configured to parse at least one cybersecurity report and to feed for building an instance graph.

“One or more of the following features may be included. The system may include the instance graph being annotated through a knowledge base, as well as being versioned and stored in a graph database. The system may include a cybersecurity knowledge graph builder configured to take input from an organization’s software and security events and build a reference graph while assigning a cyber score to at least one node. The system may include a correlation engine configured to compare the instance graph that has been versioned with the reference graph, as well as generate a difference graph. The system may include a recommendation engine configured to parse the difference graph for generating an auto-remediation workflow or for generating a risk registration. The system may include the auto-remediation workflow being configured to execute against the organization’s software and security systems, as well as adjust policies and fix vulnerabilities. The system may include the auto-remediation workflow being configured to remediate vulnerabilities and trigger the cybersecurity knowledge graph builder to generate an updated and versioned cybersecurity reference graph.

“In another implementation, a method for continuously improving the cybersecurity rating of a firm includes configuring a feed processor configured to parse at least one cybersecurity report and to feed for building an instance graph. The method may include annotating the instance graph through a knowledge base, as well as versioning and storing the instance graph in a graph database. The method may include configuring a cybersecurity knowledge graph builder to take input from an organization’s software and security events for building a reference graph while assigning a cyber score to at least one node. The method may include configuring a correlation engine to compare the instance graph that has been versioned with the reference graph and generating a difference graph. The method may include configuring a recommendation engine to parse the difference graph and generate an auto-remediation workflow, or generate a risk registration. The method may include configuring the auto-remediation workflow to execute against the organization’s software and security systems and adjust policies and fix vulnerabilities. The method may include configuring the auto-remediation workflow to remediate vulnerabilities and trigger the cybersecurity knowledge graph builder to generate an updated and versioned cybersecurity reference graph.”

The claims supplied by the inventors are:

“1. A system to continuously improve the cybersecurity rating of a firm, comprising: A feed processor configured to parse at least one cybersecurity report and to feed for building an instance graph.

“2. The system as claimed in claim 1, wherein the instance graph is annotated through a knowledge base, as well as versioned and stored in a graph database.

“3. The system as claimed in claim 2, further comprising a cybersecurity knowledge graph builder configured to take input from an organization’s software and security events and build a reference graph while assigning a cyber score to at least one node.

“4. The system as claimed in claim 3, further comprising a correlation engine configured to compare the instance graph that has been versioned with the reference graph, as well as generate a difference graph.

“5. The system as claimed in claim 4, further comprising a recommendation engine configured to parse the difference graph for generating an auto-remediation workflow, or for generating a risk registration.

“6. The system as claimed in claim 5, further comprising the auto-remediation workflow being configured to execute against the organization’s software and security systems, as well as adjust policies and fix vulnerabilities.

“7. The system as claimed in claim 5, further comprising the auto-remediation workflow being configured to remediate vulnerabilities and trigger the cybersecurity knowledge graph builder to generate an updated and versioned cybersecurity reference graph.

“8. A method for continuously improving the cybersecurity rating of a firm, comprising: Configuring a feed processor configured to parse at least one cybersecurity report and to feed for building an instance graph.

“9. The method as claimed in claim 8, further comprising annotating the instance graph through a knowledge base, as well as versioning and storing the instance graph in a graph database.

“10. The method as claimed in claim 9, further comprising configuring a cybersecurity knowledge graph builder to take input from an organization’s software and security events for building a reference graph while assigning a cyber score to at least one node.

“11. The method as claimed in claim 10, further comprising configuring a correlation engine to compare the instance graph that has been versioned with the reference graph and generating a difference graph.

“12. The method as claimed in claim 11, further comprising configuring a recommendation engine to parse the difference graph and generate an auto-remediation workflow, or generate a risk registration.

“13. The method as claimed in claim 12, further comprising configuring the auto-remediation workflow to execute against the organization’s software and security systems and adjust policies and fix vulnerabilities.

“14. The system as claimed in claim 12, further comprising configuring the auto-remediation workflow to remediate vulnerabilities and trigger the cybersecurity knowledge graph builder to generate an updated and versioned cybersecurity reference graph.”

URL and more information on this patent application, see: Johnson, Daniel; Mukundan, Balaji; S, Naveen Kumar; Singh, Manas. System And Method For Continuous Improvement Of A Cyber Security Rating Of A Firm. U.S. Patent Application Number 20240144136, filed October 27, 2022 and posted May 2, 2024. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20240144136)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)