Abstract: A method includes aggregating network data associated with assets included in the network and associated with an organization, extracting defect features associated with the assets based on control data associated with the network and asset data associated with the assets, extracting threat features related to the organization, an industry associated with the organization, or the assets, determining risk information respectively associated with the assets based on the extracted threat features and the extracted defect features, generating a network graph based on the aggregated network data and the risk information, wherein each node in the network graph represents a respective asset included in the network, performing an automated analysis of the network graph, and generating a task plan based on performing the automated analysis of the network graph. Generating the task plan includes prioritizing individual assets or sets of connected assets in a defined neighborhood of the network.

Abstract: A method and system for risk-adaptive security investment optimization using asset-centric risk quantification to estimate risk levels and establish a cyber program that maximizes the impact of cyber spend on risk reduction while taking into account changes in the threat landscape, control environment and infrastructure of an organization. The method and apparatus can be used to identify and measure information security risks across a plurality of information systems based on various estimated losses associated with individual assets, likelihoods of cyber threats applicable to information technology assets in their Computing environment as well as assurance levels of cybersecurity controls to counteract threats. Based on the risks measured the method and apparatus automatically generates a risk-tailored, impact-maximizing security program focusing on systemic and individual control issues in a network of inter-connected assets.

Abstract: The invention is concerned with a method and an apparatus for automatic comparison of at least two data sequences characterized in—an evaluation of a local relationship between any pair of subsequences in two or more sequences; —an evaluation of a global relationship by means of aggregation of the evaluations of said local relationships.