US 12,235,969 B2
System and method for calculating and understanding aggregation risk and systemic risk across a population of organizations with respect to cybersecurity for purposes of damage coverage, consequence management, and disaster avoidance
Paulo Shakarian, Tempe, AZ (US); Jana Shakarian, Tempe, AZ (US); Gerardo I. Simari, Tempe, AZ (US); Harshdeep Singh Sandhu, Tempe, AZ (US); and Anudeep Reddy Sanepalli, Tempe, AZ (US)
Assigned to SECURIN INC., Albuquerque, NM (US)
Appl. No. 17/611,415
Filed by Securin Inc., Albuquerque, NM (US)
PCT Filed May 20, 2020, PCT No. PCT/US2020/033846
§ 371(c)(1), (2) Date Nov. 15, 2021,
PCT Pub. No. WO2020/236960, PCT Pub. Date Nov. 26, 2020.
Claims priority of provisional application 62/850,431, filed on May 20, 2019.
Prior Publication US 2022/0215102 A1, Jul. 7, 2022
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)]
12 Claims
1. A system, comprising:
a processor;
a network interface in operable communication with the processor, the network interface operable for communicating with a network and providing the processor with access to information including common platform enumerations (CPEs) and corresponding common vulnerability enumerations (CVEs); and
a memory storing a set of instructions executable by the processor, the set of instructions, when executed by the processor, operable to:
access a dataset, wherein the dataset comprises a plurality of vulnerabilities, a plurality of software components, and a plurality of organizations, wherein each of the plurality of organizations is associated with at least one of the plurality of vulnerabilities or at least one of the plurality of software components,
determine a set of risk probabilities using artificial intelligence for one of the plurality of software components or one of the plurality of vulnerabilities, wherein the set of risk probabilities comprises:
a first probability value associated with a probability that the software component or vulnerability will be exploited across the plurality of organizations, and
a second probability value associated with a probability that the software component or vulnerability in association with each of the plurality of organizations will be exploited,
evaluate a cost figure for the vulnerability or the software component based on the set of risk probabilities associated with the vulnerability or the software component and each of the plurality of organizations,
determine an overall probability that a software component or vulnerability will be exploited and have an associated payout of at least a given amount as a result of having been exploited across the plurality of organizations; and
after determining the overall probability, the processor is further operable to identify a first group of one or more organizations of the plurality of organizations such that one or more risk probabilities of the set of risk probabilities will be reduced if the corresponding vulnerability or software component is resolved.