Large organisations, such as international banks and other financial institutions, rely heavily on their computer systems to carry out their business operations. Increasingly, organisations are connecting their networks to public networks, such as the Internet, to allow them to communicate with their customers and other organisations. However, in doing so, they open up their networks to a wider range and greater number of electronic threats, such as computer viruses, Trojan horses, computer worms, hacking and denial of-service attacks.
To respond to these forms of threat, organisations can implement procedures, tools and countermeasures for providing network security. For example, they can install intrusion detection and prevention systems to protect their network. However, even if these security systems are properly managed and well maintained, their network may still be vulnerable to threat. Furthermore, their network may also be vulnerable to other, non-electronic forms of threat, such as fire, flood or terrorism.
EP 1 768045A describes providing threat and risk analysis for a network comprising assets having interrelationships and interdependencies. Analysis involves using a “cut set” enumeration method. Cut sets can be used as the basis for threat and risk analysis since each cut set may affect the traffic between two dependent assets in the network and thereby affect a security state of the dependent assets, such as confidentiality, integrity or availability.
US 2003/0084349 A describes a method of detecting security threats. Security events based on network message traffic and other network security information are analyzed to identify validated security threats occurring on one or more networks. Alerts are prepared based on the results of the security analysis.
US 2005/0278786 A describes a method of assessing the risk to information resources. The method involves generating or using a security risk index. The security risk index may represent the security of information resources. The security risk index may be based on at least one factor, which may be individually quantified, and may include a threat factor associated with a rate or frequency of security events that threaten the security of the information resources, a vulnerability factor associated with a likelihood of a security event breaching the security of the information resources, an impact factor associated with an expected cost of a breach of the security of the information resources or another type of factor.
US 2003/0154393 A describes a method of managing security risk, where risk associated with a breach of security is analyzed and quantified according to weighted risk variables. The analysis is accomplished by a computerized security risk management system that receives information relating to physical, informational, communication and surveillance risk, and structures the information such that it can be related to risk variables and a security risk level can be calculated according to a relevance of associated risk variables. The security risk level can be indicative of a likelihood that a breach of security may occur relating to a particular transaction or facility. Similarly, a security confidence level can be indicative of how secure a particular facility or practice is and a security maintenance level can be indicative of a level of security that should be maintained in relation to an analyzed subject.
US 2006/0021050 A describes a method which includes assessing security of a computer network according to a set of at least one identified security syndrome by calculating a value representing a measure of security for each security syndrome. The identified security syndrome relates to the security of the computer network. The method also includes displaying a value corresponding to an overall security risk in the computer network based on the calculated measures for the at least one security syndrome.
The present invention seeks to provide an improved apparatus for and a method of assessing threat to a computer network or computer networks.