Bank of America Corporation
Information security vulnerability assessment system

Abstract:

Embodiments of the invention are directed to systems, methods, and computer program products for real-time generation and deployment of specific user information security vulnerability levels based on vulnerability assessments for the user. The invention utilizes a two-component system to detect security vulnerabilities for a user, generate a coherent vulnerability level for the user in real-time, and provides user specific mitigation actions depending on each user vulnerability assessment. The first component of the system is an information threat assessment engine, which identifies and/or receives external and internal data regarding users to determine information security threats. The second component is an analytics engine, which is configured to generate vulnerability levels and specific mitigation actions for the user based on threat patterning.