1. Field of Invention
This Invention relates to computer applications which will protect a corporate enterprise from security incidents, including unauthorized intrusions and malicious computer programs.
2. Description of Prior Art
The foundation of a good cyber security policy for any corporate or government enterprise is a security risk assessment: the probability of a security incident and the impact if it were to occur. The amount of risk that can be tolerated and how to mitigate the risk can be determined based upon the risk assessment.
A security risk assessment is difficult to perform, due in part to the difficulty of assessing probability that a security incident could occur. Current methods amount to a subjective rating of known vulnerabilities for an enterprise. ISO 2700 standards even recommend that several people perform the analysis and that their opinions be averaged. Current methods are also manual, laborious and time consuming to perform, and are therefore performed infrequently.