CPC G06F 21/577 (2013.01) [G06F 21/6245 (2013.01); G06F 2221/033 (2013.01)] | 15 Claims
1. A computer-implemented method for determining a cybersecurity risk score of information technology (IT) infrastructure, the method comprising:
receiving results from a sensitive data scan of IT infrastructure of an organization, the results including indications of a volume of sensitive data found during the scan, types of the sensitive data found during the scan, and locations at which the sensitive data was found during the scan; and
determining a cybersecurity risk score for the IT infrastructure of the organization, wherein determining the cybersecurity risk score includes calculating the cybersecurity risk score based on the volume of sensitive data found during the scan, value of the sensitive data found during the scan, and vulnerability of the locations at which the sensitive data was found during the scan; and wherein the value of the sensitive data found during the scan represents relative worth to the organization of the sensitive data, determining the cybersecurity risk score includes parsing out data from the results of the sensitive data scan and applying weighting coefficients in calculating the cybersecurity risk score, and the weighting coefficients applied include vulnerability coefficients for the locations at which the sensitive data was found during the scan and value coefficients for the types of the sensitive data found during the scan.
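An added illustration, not part of the patent text: one way the scoring step in claim 1 could be computed. The claim does not state how volume, value and vulnerability are combined, so the product-and-sum formula, the coefficient values, the JSON record layout and all names below are assumptions, and the scan data is constructed.

```python
import json

# Assumed coefficients (the claim names them but gives no values).
VALUE_COEF = {"credit_card": 1.0, "ssn": 0.9, "email": 0.2}            # per data type
VULN_COEF = {"public_share": 1.0, "laptop": 0.7, "encrypted_db": 0.1}  # per location

# Constructed scan results: match count per (data type, location).
SAMPLE_SCAN = json.dumps([
    {"type": "credit_card", "location": "public_share", "count": 100},
    {"type": "email", "location": "encrypted_db", "count": 2000},
    {"type": "ssn", "location": "laptop", "count": 10},
    {"type": "passport", "location": "usb_drive", "count": 1},  # in neither table
])


def coef(table, key):
    """Look up a coefficient; unknown keys get the table maximum so that
    unclassified data types or locations are never scored as low risk."""
    return table.get(key, max(table.values()))


def parse_findings(raw):
    """Parse out (type, location, count) tuples from the scan results."""
    findings = []
    for rec in json.loads(raw):
        count = int(rec["count"])
        if count < 0:
            raise ValueError(f"negative count in record: {rec!r}")
        findings.append((str(rec["type"]), str(rec["location"]), count))
    return findings


def risk_score(raw):
    """Return (score, breakdown). score sums volume * value * vulnerability;
    breakdown lists each finding's contribution, largest first."""
    breakdown = [
        (t, loc, n * coef(VALUE_COEF, t) * coef(VULN_COEF, loc))
        for t, loc, n in parse_findings(raw)
    ]
    breakdown.sort(key=lambda item: item[2], reverse=True)
    return sum(c for _, _, c in breakdown), breakdown


if __name__ == "__main__":
    score, breakdown = risk_score(SAMPLE_SCAN)
    print(f"risk score: {score:.1f}")
    for t, loc, c in breakdown:
        print(f"  {t:12s} {loc:14s} {c:8.1f}")
```

With these assumed weights, 100 card numbers on a public share outweigh 2000 e-mail addresses in an encrypted database, which is the effect of weighting volume by value and location.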