System To Detect Weakest Link Security Risks

IP.com Disclosure Number: IPCOM000238641D
Publication Date: 2014-Sep-09
Document File: 2 page(s) / 29K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method to detect weakest link security risks is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 40% of the total text.

Disclosed is a system and method to detect weakest link security risks.

The incidence of destructive cyber attacks against strategic large companies has increased dramatically. Banks, newspapers, and power companies have all been attacked by ever more sophisticated methods. Many of these attacks involve finding a small, minimally protected company doing business with a larger company and penetrating the small establishment to gather data that can be used to penetrate the larger business. For example, attackers hack small companies that do debit/credit card processing to get IDs, debit card numbers, and the like. Once that information is obtained, other actions can follow, such as raising debt limits on these cards and using them to perpetrate an attack on large banks. A security system is only as strong as the weakest link. Similarly, cyber thieves could use names, dates of birth and social security numbers obtained from a minimally protected doctor's office to commit crimes against the US government, such as fraudulently applying for IRS refund checks.

The disclosed method creates a security risk 'tree' showing the relationship of an establishment to a tree or graph of other establishments that do business directly or indirectly with the establishment. The method displays a security risk rating indication for each establishment that does business with the establishment directly or with an enterprise that does business with one that also does business with the establishment. The security risk ratings are set according to an analysis procedure as described below.

Security software providers (e.g. antivirus or anti-spyware providers) often capture information about viruses and malware found on users' computers and maintain a database of identified computer virus infections. This is useful for historical purposes (e.g. the incidence of a given virus, how fast it is spreading, where it is spreading, etc.). Security software providers could easily capture additional information (in the event that they do not already), such as the IP address of the infected machine, the severity of the infection, the machine name, etc. By identifying the domain of the IP address, they can also capture the name of the company or Web site associated with the infected user and the location of the infected user. For example, IP addresses starting with 9 belong to IBM®. The analysis program could also search for news articles, blogs, tweets, or other Web data to discover evidence of malware infections or security breaches associated with direct or indirect business partners.

Using the above information, the security risk analysis program could understand the historical incidence of computer infections for each company that has security software installed on employee computers. Using a set of rules specified by a business establishment, the program could rate the level of security risk associated with each of its direct or indirect business partner...
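The risk graph and rule-based rating described above, as an added Python example that is not part of the disclosure. The company names, infection records, 1-5 severity scale, severity-sum score and rating thresholds are all constructed assumptions standing in for the establishment's own rules.

```python
from collections import deque

# Constructed sample data (not from the disclosure): establishment -> partners.
PARTNERS = {
    "BigBank": ["CardProcessorCo", "PayrollInc"],
    "CardProcessorCo": ["SmallHostingLLC"],
    "PayrollInc": [],
    "SmallHostingLLC": ["BigBank"],  # cycle: a graph, not strictly a tree
}
# Constructed infection records: (company resolved from the IP domain, severity 1-5).
INFECTIONS = [("CardProcessorCo", 2), ("SmallHostingLLC", 5), ("SmallHostingLLC", 4),
              ("SmallHostingLLC", 3), ("PayrollInc", 1)]
# Hypothetical rule set chosen by the establishment: (rating, minimum score).
RULES = [("HIGH", 10), ("MEDIUM", 2), ("LOW", 0)]


def partner_distances(graph, root):
    """Breadth-first walk: hops from root to each direct or indirect partner."""
    dist, queue = {root: 0}, deque([root])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in dist:  # already-seen nodes are skipped, so cycles end
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    del dist[root]
    return dist


def rate_partners(graph, root, infections, rules):
    """Return {partner: (hops, score, rating)} for the establishment root."""
    scores = {}
    for company, severity in infections:
        scores[company] = scores.get(company, 0) + severity
    report = {}
    for partner, hops in partner_distances(graph, root).items():
        score = scores.get(partner, 0)
        rating = next(name for name, floor in rules if score >= floor)
        report[partner] = (hops, score, rating)
    return report


def weakest_link(report):
    """Partner with the highest score; ties go to the partner fewer hops away."""
    return max(report, key=lambda p: (report[p][1], -report[p][0]))


if __name__ == "__main__":
    for name, row in sorted(rate_partners(PARTNERS, "BigBank", INFECTIONS, RULES).items()):
        print(name, *row)
```

In this constructed data the highest-risk partner is two hops away from the establishment, which is the indirect exposure the risk tree is meant to surface.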