Abstract: Embodiments of the present technology relate to cyber attack vulnerability analyzes. In one embodiment, a method includes determining an external infrastructure of an entity, the external infrastructure including one or more cyber assets utilized by the entity, collecting infrastructure information regarding the one or more cyber assets, performing passive cyber security vulnerability testing on the one or more cyber assets using the collected infrastructure information, assessing cyber security vulnerabilities of the one or more cyber assets, calculating an association score for the one or more cyber assets based on the assessed cyber security vulnerabilities, and automatically recommending, based on the association score, computer network changes to reduce the cyber security vulnerabilities.

Abstract: Various embodiments of the present technology include methods of assessing risk of a cyber security failure in a computer network of an entity. Various embodiments also include automatically determining, based on the assessed risk, a change or a setting to at least one element of policy criteria of a cyber security policy, automatically recommending, based on the assessed risk, computer network changes to reduce the assessed risk, and providing one or more recommended computer network changes to reduce the assessed risk. Various embodiments further include enactment by the entity of at least one of the one or more of the recommended computer network changes to reduce the assessed risk to the entity, determining that the entity has enacted at least a portion of the recommended computer network changes, and in response, automatically reassessing the risk of a cyber security failure based on the enacted recommended computer network changes.

Abstract: Various embodiments of the present technology relate to diversity and similarity analysis. In some exemplary embodiments, a method includes, for each of a plurality of entities, receiving a set of variables that are indicative of attributes of an entity. The exemplary method also includes comparing the sets of variables for the plurality of entities to each other, locating clusters of similar variables shared between two or more of the plurality of entities, determining a probable maximum loss for the plurality of entities that share the clusters, the probable maximum loss being a loss value attributed to a cyber event against one or more of the shared variables, receiving feedback from an end user in response to providing the probable maximum loss to the end user, and updating the probable maximum loss in response to the feedback.

Abstract: Embodiments of the present technology relate to diversity and similarity analysis. In one embodiment, a method includes, for each of a plurality of entities, receiving a set of variables that are indicative of attributes of an entity, comparing the sets of variables for the plurality of entities to each other, locating clusters of similar variables shared between two or more of the plurality of entities, calculating a diversity score that represents how different the plurality of entities are to one another based on variables that are not shared between the plurality of entities, receiving feedback from an end user in response to providing the diversity score to the end user and updating the diversity score in response to the feedback. The variables and attributes may be used to calculate a diversity score regarding aggregate cyber security risk, for use in planning so as to increase that diversity.