Abstract: Computer-implemented methods are provided herein for quantifying correlated risk in a network of a plurality of assets having at least one dependency, where each asset belongs to at least one entity. The method includes generating a dependency graph based on relationships between the assets, at least one dependency, and at least one entity, and executing a plurality of Monte Carlo simulations over the dependency graph. Executing a plurality of Monte Carlo simulations includes generating a seed event in the dependency graph, where the seed event has a probability distribution, and propagating disruption through the dependency graph based on the seed event. The method further includes assessing loss for each of the assets, and aggregating losses for two or more assets to determine correlated risk in the network.

Abstract: Among other things, information is obtained by computer about Internet-related assets of organizations. The information is used to identify relationships between the organizations with respect to the assets. The information about the identified relationships is made available for display or analysis or both.

Abstract: A method and system for creating a composite security rating from security characterization data of a third party computer system. The security characterization data is derived from externally observable characteristics of the third party computer system. Advantageously, the composite security score has a relatively high likelihood of corresponding to an internal audit score despite use of externally observable security characteristics. Also, the method and system may include use of multiple security characterizations all solely derived from externally observable characteristics of the third party computer system.

Abstract: Among other things, customer account data is received from a service provider. The customer account data is representative of relationships that exist at successive times between digital assets provided by the service provider and respective entities to whom the digital assets are provided by the service provider. The received data is used to update a database to represent mappings of digital assets to respective entities to whom the digital assets are provided at one of the successive times, changes in the mappings between successive times, or both.

Abstract: The invention relates to object storage and methods systems for storing data objects that overcome the pitfalls of using traditional object storage systems. Advantages include an easily searchable database and multiversion concurrency control meaning one version of the database may be read from and written to at the same time.

Abstract: Among other things, information is acquired and stored that is indicative of security risks associated with security subjects and with entities to which the security subjects belong. The stored information is analyzed by computer to derive security indicators for the entities. With respect to entities selected by the users, security information is presented by computer to users. The security information includes security indicators for the entities and security information for security subjects. The security information for security subjects includes annotations provided by users. The annotations are managed by computer based on communications from the users.

Abstract: Among other things, traces are received of activities of an online user who is associated with an entity. By analysis of the traces a security state of the entity is inferred. Also, a map is generated between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets. At least part of the generating of the map is done automatically. A user can be engaged to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities.

Abstract: A method and system for creating a composite security rating from security characterization data of a third party computer system. The security characterization data is derived from externally observable characteristics of the third party computer system. Advantageously, the composite security score has a relatively high likelihood of corresponding to an internal audit score despite use of externally observable security characteristics. Also, the method and system may include use of multiple security characterizations all solely derived from externally observable characteristics of the third party computer system.