| CPC H04L 63/1433 (2013.01) | 22 Claims |
|
1. A method comprising:
determining user information associated with or based on one or more user attributes associated with a vulnerability of a computing device, wherein the one or more user attributes associated with the vulnerability of the computing device comprises first data associated with at least two of:
a website or application,
a browser or application history,
a downloaded or executed file, or
a password, privilege, or configuration;
quantifying the user information associated with or based on the one or more user attributes associated with the vulnerability of the computing device, thereby generating quantified user information;
determining system exploitability information of the computing device, the system exploitability information associated with or based on one or more of:
the vulnerability of the computing device, and
a security window associated with the computing device;
quantifying the system exploitability information of the computing device, thereby generating quantified system exploitability information;
determining system criticality information of the computing device, the system criticality information associated with or based on one or more of:
an asset associated with the computing device, and
a first service associated with the computing device;
quantifying the system criticality information of the computing device, thereby generating quantified system criticality information; and
generating a risk profile for the computing device based on the quantified user information, the quantified system exploitability information, and the quantified system criticality information.
|