Large organizations, such as international banks and other financial institutions, rely heavily on their computer systems to carry out their business operations. Increasingly, organizations are connecting their networks to public networks, such as the Internet, to allow them to communicate with their customers and other organizations. However, in doing so, they open up their networks to a wider range and greater number of electronic threats, such as computer viruses, Trojan horses, computer worms, hacking and denial-of-service attacks.
To respond to these forms of threat, organizations can implement procedures, tools and countermeasures for providing network security. For example, they can install intrusion detection and prevention systems to protect their network. However, even if these security systems are properly managed and well maintained, their network may still be vulnerable to threat. Furthermore, their network may also be vulnerable to other, non-electronic forms of threat, such as fire, flood or terrorism.
The present invention seeks to provide apparatus for and a method of assessing threat to a computer network or computer networks.