Abstract: An audit schedule is determined from a database storing a master data set comprising audit events, system parameters, and resources. Audit events are grouped according to information of the master data set, for example shared units (e.g., product, service, organization, risk level, audit type, etc.). Audit groups are prioritized by factors such as unit priority and audit duration. A random audit event within the group is chosen, and then a time slot is selected according to a desired distribution (e.g., left-to-right), determining resource availability for that slot. The procedure may optionally consider additional constraints (e.g., manually added, national holidays, auditor availability) outside the master data set. The procedure shuffles through audit events of the group with the highest priority, and then through audit events of lower priority groups, filling out the audit schedule according to resource availability and constraints. Audit schedule changes are recorded in a change log data object.

Abstract: A virtual testing environment VTE is instantiated for automated measurement of performance of a security monitoring system (SMS). Predefined attacks are executed against a cloned version of a monitored system in the VTE. The predefined attacks are defined at an attack catalog. Based on an execution result of the predefined attacks, a detection rate of the SMS at the VTE and a protection level of the cloned version of the monitored system are measured. Based on the detection rate and the protection level, an action for improving SMS and the protection of the monitored system is determined. Based on the determined action, logic modifications related to SMS and improvement on protection measures for the monitored system are performed.

Abstract: A virtual testing environment VTE is instantiated for automated measurement of performance of a security monitoring system (SMS). Predefined attacks are executed against a cloned version of a monitored system in the VTE. The predefined attacks are defined at an attack catalog. Based on an execution result of the predefined attacks, a detection rate of the SMS at the VTE and a protection level of the cloned version of the monitored system are measured. Based on the detection rate and the protection level, an action for improving SMS and the protection of the monitored system is determined. Based on the determined action, logic modifications related to SMS and improvement on protection measures for the monitored system are performed.

Abstract: An audit schedule is determined from a database storing a master data set comprising audit events, system parameters, and resources. Audit events are grouped according to information of the master data set, for example shared units (e.g., product, service, organization, risk level, audit type, etc.). Audit groups are prioritized by factors such as unit priority and audit duration. A random audit event within the group is chosen, and then a time slot is selected according to a desired distribution (e.g., left-to-right), determining resource availability for that slot. The procedure may optionally consider additional constraints (e.g., manually added, national holidays, auditor availability) outside the master data set. The procedure shuffles through audit events of the group with the highest priority, and then through audit events of lower priority groups, filling out the audit schedule according to resource availability and constraints. Audit schedule changes are recorded in a change log data object.

Abstract: Techniques for managing risks of a business enterprise include identifying a threat to a business enterprise; identifying, based on the threat, a plurality of business enterprise assets and associated impacts; determining a plurality of threat scenarios, each threat scenario including a qualitative probability and a qualitative impact; assigning a quantitative probability and a quantitative impact to each of the plurality of scenarios based on an evaluation of the qualitative probability and the qualitative impact in a risk matrix; determining, with a simulation model, a quantitative risk of the identified threat based on the assigned quantitative probability and quantitative impact; and preparing an output including the determined quantitative risk of the identified threat for display.

Abstract: Various embodiments of systems and methods for determination of the regulatory compliance level are described herein. The method uses a single set of controls as a basis for calculation of compliance to different regulations. Scale based definition of controls, joined with requirements matrix, allows flexible integration of a new regulation without changes on controls itself. The decoupling of requirements from controls and definition of the implementation scale enables independent reporting about control implementation without considering of regulatory requirements. Therefore, one reporting round, which provides status of controls implementation, can be used for calculation of compliance to many regulations.