	US 11,886,598 B2
	System and method for scalable cyber-risk assessment of computer systems
Candan Bolukbas, Stone Ridge, VA (US); Robert Maley, Chandler, AZ (US); and Ferhat Dikbiyik, Sakarya (TR)
Assigned to NormShield, Inc., Vienna, VA (US)
Filed by NormShield, Inc., Vienna, VA (US)
Filed on Feb. 11, 2021, as Appl. No. 17/174,307.
Application 17/174,307 is a continuation of application No. 16/855,282, filed on Apr. 22, 2020, granted, now 10,949,543.
Prior Publication US 2021/0334387 A1, Oct. 28, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 21/57 (2013.01)

CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)]

20 Claims

1. A method of cyber risk assessment, the method comprising:

a) receiving a request for a quantitative cyber risk assessment of an entity associated with a domain name;

b) discovering a digital footprint of the entity based on the domain name using non-intrusive information gathering;

c) determining an entity classification comprising a size and one of industry or country based on the digital footprint;

d) determining an entity technical finding comprising at least one of an asset vulnerability, a threat, a data loss, or a cyber event based on the discovered digital footprint;

e) computing a loss event frequency and a loss magnitude using the entity classification and the entity technical finding;

f) computing a probable financial impact of a cyber risk based on the loss event frequency and on the loss magnitude; and

g) providing recommendations for remediating the cyber risk based on the computed probable financial impact.