CPC H04L 63/1433 (2013.01) [H04L 63/164 (2013.01); H04L 63/20 (2013.01)] | 21 Claims
1. A method for securing a service implemented on a computer network, the method comprising:
identifying network assets in the computer network used by the service;
identifying vulnerabilities in one or more of the network assets, each vulnerability having one or more vulnerability risk dimensions weighted by a risk value for each of the vulnerability risk dimensions;
based on the identified vulnerabilities, determining an asset risk score for each of the network assets by applying a criticality value to a sum of the one or more vulnerability risk dimensions as weighted by the risk value for each of the vulnerability risk dimensions;
based on the determined asset risk scores of the network assets, determining a service risk score for the service;
prioritizing implementation of a plurality of vulnerability remediation actions in a priority order based on effects on the service risk score, wherein the priority order is based on a reduction of the service risk score; and
implementing one or more of the plurality of vulnerability remediation actions based on the priority order.
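The scoring and prioritization steps of claim 1, worked through as an added example (not code from the patent or its applicant). Assumptions: "applying a criticality value" is taken as multiplication, the service risk score is taken as the sum of the asset risk scores, one remediation action fixes one vulnerability on every asset that has it, and all dimension names, weights, asset names and vulnerability ids are constructed.

```python
# Assumed risk value (weight) for each vulnerability risk dimension.
WEIGHTS = {"exploitability": 0.5, "impact": 0.3, "exposure": 0.2}

# Constructed sample service: each asset has a criticality and open vulnerabilities.
ASSETS = {
    "web-frontend": {"criticality": 1.0, "vulns": {
        "VULN-A": {"exploitability": 0.9, "impact": 0.5, "exposure": 1.0},
        "VULN-B": {"exploitability": 0.2, "impact": 0.4, "exposure": 0.1}}},
    "db-primary": {"criticality": 3.0, "vulns": {
        "VULN-B": {"exploitability": 0.2, "impact": 0.4, "exposure": 0.1},
        "VULN-C": {"exploitability": 0.4, "impact": 0.9, "exposure": 0.2}}},
}

def vuln_risk(dims, weights=WEIGHTS):
    """Sum of the risk dimensions, each weighted by its risk value."""
    return sum(weights[name] * value for name, value in dims.items())

def asset_risk(asset, remediated=frozenset()):
    """Criticality applied (assumed: multiplied) to the summed weighted dimensions."""
    open_vulns = (d for vid, d in asset["vulns"].items() if vid not in remediated)
    return asset["criticality"] * sum(vuln_risk(d) for d in open_vulns)

def service_risk(assets, remediated=frozenset()):
    """Assumed aggregation: the service score is the sum of the asset scores."""
    return sum(asset_risk(a, remediated) for a in assets.values())

def prioritize(assets):
    """Order remediation actions by how much each one lowers the service score."""
    baseline = service_risk(assets)
    vuln_ids = {vid for a in assets.values() for vid in a["vulns"]}
    ranked = [(baseline - service_risk(assets, frozenset([vid])), vid)
              for vid in vuln_ids]
    return [(vid, round(drop, 2)) for drop, vid in sorted(ranked, reverse=True)]

if __name__ == "__main__":
    print("service risk:", round(service_risk(ASSETS), 2))
    for vid, drop in prioritize(ASSETS):
        print(f"remediate {vid}: service risk drops by {drop}")
```

VULN-A has the highest weighted dimension sum of any single finding, yet it ranks last because it sits only on the low-criticality asset.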