Abstract: Some embodiments help manage cybersecurity insider risk. An authorized user influence pillar value is based on an influence signal representing the user's actual or potential influence in a computing environment. An authorized user access pillar value is based on an access signal representing the user's actual or potential access to resources. An impact risk value is calculated as a weighted combination of the pillar values. In response, an embodiment automatically adjusts a cybersecurity characteristic, such as a security risk score, security group membership, threat detection mechanism, or alert threshold. In some cases, impact risk is also based on a cumulative potential exfiltration anomaly access signal. In some cases, impact risk is based on one or more values which represent user public visibility, user social network influence, brand damage risk, resource mission criticality, access request response speed or success rate, or a known cybersecurity attack.

Abstract: Systems and methods relating to a method for generating a threat analysis and modeling tool are described. In an implementation, aggregate analysis is performed upon applications of an enterprise for complete risk management of the enterprise. The threat analysis model is generated by defining the application, its attributes and the rules related to the application. An application task list is generated from a common task list for the application. Countermeasures for known attacks pertaining to the application are described in the application task list, which allows the developer to reduce the risk of attacks.

Abstract: Systems and methods relating to a method for generating a threat analysis and modeling tool are described. In an implementation, aggregate analysis is performed upon applications of an enterprise for complete risk management of the enterprise. The threat analysis model is generated by defining the application, its attributes and the rules related to the application. An application task list is generated from a common task list for the application. Countermeasures for known attacks pertaining to the application are described in the application task list, which allows the developer to reduce the risk of attacks.