Bank of America Corporation
RELIABILITY OF INFORMATION SECURITY CONTROLS FOR ATTACK READINESS

Abstract:

A target device stores secure information and one or more security tools configured to protect against unauthorized access of the secure information. A first database stores profiles for each of a set of predefined attack groups. Each profile includes a set of attack techniques used by the corresponding attack group and, for each attack technique, a corresponding set of mitigations. A second database stores control policies. Each control policy is associated with a set of security tools that protect against unauthorized access of the secure information stored by the target device. A controls monitor determines an attack controls superset based on the profiles and control policies. A controls health dashboard receives a user query and provides a representation of a portion of the attack controls superset that is associated with the received query.