CPC G06F 21/577 (2013.01) [G06F 16/215 (2019.01)] | 18 Claims
1. A method for managing vulnerability data, comprising:
ingesting, by a data ingestion engine, vulnerability data from a plurality of sources;
normalizing, by a data normalizer module, the vulnerability data into a plurality of data records, each data record having a predefined format and a plurality of pre-defined fields;
generating, by a data processing module, a dynamic risk score for each data record, wherein the dynamic risk score is based on one or more rules, and is further based on an asset sensitivity for an asset associated with a vulnerability associated with the data record, wherein the asset sensitivity is based on a confidentiality impact on the asset, an integrity impact on the asset, and an availability impact on the asset;
storing, by a risk record register, a risk record for each data record, wherein the risk record comprises the dynamic risk score, a priority level, an identifier for a software application, and a software dependency;
selecting, by a control policy selection engine, a control policy based on one of the dynamic risk scores;
implementing, by the risk record register, the selected control policy;
monitoring, by the risk record register, implementation of the control policy; and
updating, by the risk record register, the control policy selection engine based on the monitoring.