Abstract: A network security assessment apparatus includes a memory and a processor. The memory stores first, second, and third values of a metric. The metric indicates one or more of a number of network security breaches and a number of fraudulent transactions. The processor chronologically orders the first, second, and third values for the metric over a period of time and compares the first, second, and third values against a threshold to produce first, second, and third results. If the first result is different from the second result or if the second result is different from the third result, the processor increments a volatility count. The processor determines, based on the volatility count, that a control should be implemented to mitigate one or more of the number of network security breaches and the number of fraudulent transactions and in response to that determination, the processor implements the control.

Abstract: An intrusion assessment apparatus includes a memory and a processor. The memory stores first and second records and first, second, and third keywords. The processor determines a number of occurrences of the first, second, and third keywords in the first and second records and assigns the first record to a first cluster and the second record to a second cluster. The processor also determines a per-record average number of occurrences of the keywords in a plurality of records assigned to the first cluster and in a plurality of records assigned to the second cluster and receives a search request indicating the keywords and an emphasis value for each keyword. The processor also determines that the first cluster should be returned in response to the request and transmits, based on that determination, the first record.

Abstract: An intrusion assessment apparatus includes a memory and a processor. The memory stores first and second records and first, second, and third keywords. The processor determines a number of occurrences of the first, second, and third keywords in the first and second records and assigns the first record to a first cluster and the second record to a second cluster. The processor also determines a per-record average number of occurrences of the keywords in a plurality of records assigned to the first cluster and in a plurality of records assigned to the second cluster and receives a search request indicating the keywords and an emphasis value for each keyword. The processor also determines that the first cluster should be returned in response to the request and transmits, based on that determination, the first record.

Abstract: A network security assessment apparatus includes a memory and a processor. The memory stores first, second, and third values of a metric. The metric indicates one or more of a number of network security breaches and a number of fraudulent transactions. The processor chronologically orders the first, second, and third values for the metric over a period of time and compares the first, second, and third values against a threshold to produce first, second, and third results. If the first result is different from the second result or if the second result is different from the third result, the processor increments a volatility count. The processor determines, based on the volatility count, that a control should be implemented to mitigate one or more of the number of network security breaches and the number of fraudulent transactions and in response to that determination, the processor implements the control.

Abstract: According to embodiments of the present disclosure, a keyword frequency analysis system stores a plurality of sets of records. Each set of records may be associated with a dimension and may comprise a first keyword and a second keyword. The system may also receive the plurality of sets of records, determine a frequency of the first keyword in each set of records and determine a frequency of the second keyword in each set of records. The system may further determine an expected frequency of the first keyword in a first set of records associated with a first dimension, based on the frequency of the first keyword and the frequency of the second keyword. The system also compares the frequency of the first keyword and the expected frequency and, based on the comparison, determines whether the first keyword is either overrepresented or underrepresented in the first set of records.

Abstract: According to embodiments of the present disclosure, a keyword frequency analysis system stores a plurality of sets of records. Each set of records may be associated with a dimension and may comprise a first keyword and a second keyword. The system may also receive the plurality of sets of records, determine a frequency of the first keyword in each set of records and determine a frequency of the second keyword in each set of records. The system may further determine an expected frequency of the first keyword in a first set of records associated with a first dimension, based on the frequency of the first keyword and the frequency of the second keyword. The system also compares the frequency of the first keyword and the expected frequency and, based on the comparison, determines whether the first keyword is either overrepresented or underrepresented in the first set of records.

Abstract: A system may include an interface, a memory, and one or more processors. The system receives a request to determine a significance of a first keyword and accesses a first record comprising the first keyword. The system determines a first risk score of the first record and assigns the first risk score of the first record as a first keyword instance score associated with the first keyword. The system determines the significance of the first keyword based at least in part upon the first keyword instance score. The system analyzes the significance of the first keyword.

Abstract: Unstructured data is received from a plurality of sources to facilitate risk analysis. The unstructured data comprises a plurality of bodies of text. Each body of text from the unstructured data is deconstructed into individual terms. The individual terms from each body of text are converted into a structured form. The individual terms in the structured form are categorized according to a comparison of the structured form to another structured form. The individual terms in the structured form are quantified according to at least the categorization of the individual terms.

Abstract: Apparatus and methods described herein may rapidly identify emerging risks that may impact an entity. Methods may update and identify emerging risks on a frequent basis. Using an electronic form, information may be collected from a filtered set of experts. The set of experts may be “filtered” based on the emerging risk and a scope of the emerging risk. The information may include the experts' responses to a set of questions. The information may include values on absolute scales. The information may be analyzed to determine variation in the responses of the experts. The information may be aggregated across a plurality of emerging risks and across a plurality of lines-of-business. Based on the information, a convergence point may be determined. The convergence point may identify a time at which a combined impact of each of the plurality of emerging risks exceeds a risk threshold of an entity.

Abstract: To identify outlier risks, a risk assessment is received from a first computer, and the risk assessment comprises a plurality of risks and each risk comprises a plurality of words and a plurality of attributes. A risk category associated with the risk assessment is received from a second computer, and the risk category is based on the plurality of words and the plurality of attributes and the risk category is a selected one of a high risk category and a not-high risk category. A word count is calculated for each word in each risk category. A probability score is also calculated for each word to generate a plurality of probability scores associated with the risk, and a risk score is calculated for each risk and is based on the plurality of probability scores associated with the risk. A distribution is generated that indentifies the high risk category and the not-high risk category, and the distribution identifies the risk score in the associated risk category.

Abstract: Unstructured data is received from a plurality of sources to facilitate risk analysis. The unstructured data comprises a plurality of bodies of text. Each body of text from the unstructured data is deconstructed into individual terms. The individual terms from each body of text are converted into a structured form. The individual terms in the structured form are categorized according to a comparison of the structured form to another structured form. The individual terms in the structured form are quantified according to at least the categorization of the individual terms.

Abstract: According to one example, a test portfolio optimization system includes a test repository, an activity repository, an exception repository, and an optimization engine. The optimization engine is operable to generate a plurality of test portfolios. Each test portfolio comprises different types of tests of a plurality of tests. The optimization engine is also operable to determine a test cost for each portfolio over the period of time. The test cost for each portfolio is equal to a sum of costs for each test type within the portfolio over the period of time. The optimization engine is also operable to determine an impact per portfolio period of time. The impact per portfolio is equal to a sum of impacts per test type for each test type over the period of time.

Abstract: Systems and methods for determining the likelihood that a group of transactions may be structured to avoid a limit or reporting requirement, such as a government reporting requirement, are disclosed. The frequency distributions of a customer's transactions for different value ranges are compared to determine whether transactions within a target range occur randomly or at an unexpected level. In another embodiment, the frequency distribution of a customer's transactions is compared to a frequency distribution created by randomly sampling a distribution of similar transactions to determine whether the customer's transactions occur randomly.

Abstract: According to one example, a test portfolio optimization system includes a test repository, an activity repository, an exception repository, and an optimization engine. The optimization engine is operable to generate a plurality of test portfolios. Each test portfolio comprises different types of tests of a plurality of tests. The optimization engine is also operable to determine a test cost for each portfolio over the period of time. The test cost for each portfolio is equal to a sum of costs for each test type within the portfolio over the period of time. The optimization engine is also operable to determine an impact per portfolio period of time. The impact per portfolio is equal to a sum of impacts per test type for each test type over the period of time.

Abstract: Systems and methods for determining the likelihood that a group of transactions may be structured to avoid a limit or reporting requirement, such as a government reporting requirement, are disclosed. The frequency distributions of a customer's transactions for different value ranges are compared to determine whether transactions within a target range occur randomly or at an unexpected level. In another embodiment, the frequency distribution of a customer's transactions is compared to a frequency distribution created by randomly sampling a distribution of similar transactions to determine whether the customer's transactions occur randomly.

Abstract: Systems and methods for determining the likelihood that a group of transactions may be structured to avoid a limit or reporting requirement, such as a government reporting requirement, are disclosed. The frequency distributions of a customer's transactions for different value ranges are compared to determine whether transactions within a target range occur randomly or at an unexpected level. In another embodiment, the frequency distribution of a customer's transactions is compared to a frequency distribution created by randomly sampling a distribution of similar transactions to determine whether the customer's transactions occur randomly.