
US-12626206-B2 - Determining relative risk in a network system


Abstract

Relative risk in a network system can be determined according to some examples. For example, a computing system can determine a hierarchy of groupings for risk factors within a network based on risk data associated with the risk factors. The computing system can determine associations between the risk data and the risk controls. Each risk control can represent an amount of control for reducing riskiness of a risk factor. The computing system can determine a risk assessment for each grouping of the hierarchy of groupings based on the risk data, the risk controls, and the hierarchy of groupings. Determining the risk assessment can include determining a control coverage for each grouping based on the associations and the risk data. The computing system can output the risk assessment for each grouping of the hierarchy of groupings for display on a graphical user interface.

Inventors

  • Jason C. Sheppard
  • Jennifer Dick

Assignees

  • TRUIST BANK

Dates

Publication Date
20260512
Application Date
20220623

Claims (17)

  1. A system comprising: a processor; and a non-transitory computer-readable memory comprising instructions that are executable by the processor for causing the processor to: determine a hierarchy of groupings for a plurality of risk factors within a network based on risk data of a plurality of risk data associated with each of the plurality of risk factors, a risk factor of the plurality of risk factors being a network security risk factor, and the hierarchy of groupings comprising a first grouping and a second grouping, the first grouping comprising a first subset of the plurality of risk factors, and the second grouping comprising the first subset of the plurality of risk factors and a second subset of the plurality of risk factors; subsequent to determining the hierarchy of groupings for the plurality of risk factors: determine, for each risk factor of the plurality of risk factors, a risk control of a plurality of risk controls based on the risk control reducing an amount of risk associated with the risk factor, wherein the risk control for the network security risk factor is a two-factor authentication requirement that is not implemented in the network; determine, for each risk control of the plurality of risk controls, a risk control value between 0 and 1 that represents an amount of risk reduction associated with the risk control of the plurality of risk controls; generate a risk assessment for each risk factor of the plurality of risk factors based on the plurality of risk data and the plurality of risk controls, wherein generating the risk assessment for each risk factor of the plurality of risk factors comprises, for each risk factor: generating, using the risk data, an inherent risk value, the inherent risk value representing a level of risk associated with the risk factor when the risk control is not implemented; generating, using the risk data and the risk control value for the risk control, a residual risk value representing a level of risk associated with the risk factor when the risk control is implemented; determine, based on the risk assessment for each of the plurality of risk factors, a cumulative control coverage for the plurality of risk factors, the cumulative control coverage comprising a control strength value indicating a proportion of an overall inherent risk score for the plurality of risk factors that is covered by one or more risk controls of the plurality of risk controls that are implemented in the network, wherein the overall inherent risk score is an accumulation of the inherent risk value for each risk factor of the plurality of risk factors; output the risk assessment for each risk factor of the plurality of risk factors for display on a graphical user interface, the graphical user interface comprising a range plot comprising a first indicator representing the overall inherent risk score and a second indicator representing an overall residual risk score, wherein the overall residual risk score is an accumulation of the residual risk value for each risk factor of the plurality of risk factors; compare the control strength value to a predetermined threshold; and cause, based on the control strength value being below the predetermined threshold, implementation of an additional risk control in the network for the network security risk factor by implementing the two-factor authentication requirement in the network, wherein implementing the two-factor authentication requirement in the network increases the control strength value for the plurality of risk factors in the network.
  2. The system of claim 1, wherein the instructions are further executable by the processor for causing the processor to: identify, based on the cumulative control coverage, a subset of the plurality of risk controls that are not implemented in the network to prioritize to increase the control strength value.
  3. The system of claim 2, wherein the instructions are further executable by the processor for causing the processor to identify the subset of the plurality of risk controls to prioritize by: identifying the subset of the plurality of risk controls that are not associated with an improvement plan.
  4. The system of claim 1, wherein the instructions are further executable by the processor for causing the processor to: generate a recommendation to increase the control strength value.
  5. The system of claim 1, wherein the instructions are further executable by the processor for causing the processor to generate the risk assessment for each of the plurality of risk factors by: determining a risk progress value by comparing the residual risk value for each of the plurality of risk factors with a predetermined acceptable risk level.
  6. The system of claim 5, wherein the instructions are further executable by the processor for causing the processor to output the risk assessment for each risk factor of the plurality of risk factors by: displaying, on the graphical user interface, the inherent risk value, the residual risk value, and the predetermined acceptable risk level for the first subset of the plurality of risk factors associated with the first grouping of the hierarchy of groupings on a range diagram; and displaying, on the graphical user interface, a ranking of the hierarchy of groupings according to the residual risk value for each of the plurality of risk factors in each grouping of the hierarchy of groupings.
  7. A method comprising: determining a hierarchy of groupings for a plurality of risk factors within a network based on risk data of a plurality of risk data associated with each of the plurality of risk factors, a risk factor of the plurality of risk factors being a network security risk factor, and the hierarchy of groupings comprising a first grouping and a second grouping, the first grouping comprising a first subset of the plurality of risk factors, and the second grouping comprising the first subset of the plurality of risk factors and a second subset of the plurality of risk factors; subsequent to determining the hierarchy of groupings for the plurality of risk factors: determining, for each risk factor of the plurality of risk factors, a risk control of a plurality of risk controls based on the risk control reducing an amount of risk associated with the risk factor, wherein the risk control for the network security risk factor is a two-factor authentication requirement that is not implemented in the network; determining, for each risk control of the plurality of risk controls, a risk control value between 0 and 1 that represents an amount of risk reduction associated with the risk control of the plurality of risk controls; generating a risk assessment for each of the plurality of risk factors based on the plurality of risk data and the plurality of risk controls, wherein generating the risk assessment for each risk factor of the plurality of risk factors comprises, for each risk factor: generating, using the risk data, an inherent risk value, the inherent risk value representing a level of risk associated with the risk factor when the risk control is not implemented; generating, using the risk data and the risk control value for the risk control, a residual risk value representing a level of risk associated with the risk factor when the risk control is implemented; determining, based on the risk assessment for each of the plurality of risk factors, a cumulative control coverage for the plurality of risk factors, the cumulative control coverage comprising a control strength value indicating a proportion of an overall inherent risk score for the plurality of risk factors that is covered by one or more risk controls of the plurality of risk controls that are implemented in the network, wherein the overall inherent risk score is an accumulation of the inherent risk value for each risk factor of the plurality of risk factors; outputting the risk assessment for each risk factor of the plurality of risk factors for display on a graphical user interface, the graphical user interface comprising a range plot comprising a first indicator representing the overall inherent risk score and a second indicator representing an overall residual risk score, wherein the overall residual risk score is an accumulation of the residual risk value for each risk factor of the plurality of risk factors; comparing the control strength value to a predetermined threshold; and causing, based on the control strength value being below the predetermined threshold, implementation of an additional risk control in the network for the network security risk factor by implementing the two-factor authentication requirement in the network, wherein implementing the two-factor authentication requirement in the network increases the control strength value for the plurality of risk factors in the network.
  8. The method of claim 7, wherein the method further comprises: identifying, based on the cumulative control coverage, a subset of the plurality of risk controls that are not implemented in the network to prioritize to increase the control strength value.
  9. The method of claim 8, wherein the method further comprises identifying the subset of the plurality of risk controls to prioritize by: identifying the subset of the plurality of risk controls that are not associated with an improvement plan.
  10. The method of claim 7, wherein the method further comprises generating a recommendation to increase the control strength value.
  11. The method of claim 7, wherein the method further comprises generating the risk assessment for each of the plurality of risk factors by: determining a risk progress value by comparing the residual risk value for each of the plurality of risk factors with a predetermined acceptable risk level.
  12. The method of claim 11, wherein the method further comprises outputting the risk assessment for each risk factor of the plurality of risk factors by: displaying, on the graphical user interface, the inherent risk value, the residual risk value, and the predetermined acceptable risk level for the first subset of the plurality of risk factors associated with the first grouping of the hierarchy of groupings on a range diagram; and displaying, on the graphical user interface, a ranking of the hierarchy of groupings according to the residual risk value for each of the plurality of risk factors in each grouping of the hierarchy of groupings.
  13. A non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to: determine a hierarchy of groupings for a plurality of risk factors within a network based on risk data of a plurality of risk data associated with each of the plurality of risk factors, a risk factor of the plurality of risk factors being a network security risk factor, and the hierarchy of groupings comprising a first grouping and a second grouping, the first grouping comprising a first subset of the plurality of risk factors, and the second grouping comprising the first subset of the plurality of risk factors and a second subset of the plurality of risk factors; subsequent to determining the hierarchy of groupings for the plurality of risk factors: determine, for each risk factor of the plurality of risk factors, a risk control of a plurality of risk controls based on the risk control reducing an amount of risk associated with the risk factor, wherein the risk control for the network security risk factor is a two-factor authentication requirement that is not implemented in the network; determine, for each risk control of the plurality of risk controls, a risk control value between 0 and 1 that represents an amount of risk reduction associated with the risk control of the plurality of risk controls; generate a risk assessment for each of the plurality of risk factors based on the plurality of risk data and the plurality of risk controls, wherein generating the risk assessment for each risk factor of the plurality of risk factors comprises, for each risk factor: generating, using the risk data, an inherent risk value, the inherent risk value representing a level of risk associated with the risk factor when the risk control is not implemented; generating, using the risk data and the risk control value for the risk control, a residual risk value representing a level of risk associated with the risk factor when the risk control is implemented; determine, based on the risk assessment for each of the plurality of risk factors, a cumulative control coverage for the plurality of risk factors, the cumulative control coverage comprising a control strength value indicating a proportion of an overall inherent risk score for the plurality of risk factors that is covered by one or more risk controls of the plurality of risk controls that are implemented in the network, wherein the overall inherent risk score is an accumulation of the inherent risk value for each risk factor of the plurality of risk factors; output the risk assessment for each risk factor of the plurality of risk factors for display on a graphical user interface, the graphical user interface comprising a range plot comprising a first indicator representing the overall inherent risk score and a second indicator representing an overall residual risk score, wherein the overall residual risk score is an accumulation of the residual risk value for each risk factor of the plurality of risk factors; compare the control strength value to a predetermined threshold; and cause, based on the control strength value being below the predetermined threshold, implementation of an additional risk control in the network for the network security risk factor by implementing the two-factor authentication requirement in the network, wherein implementing the two-factor authentication requirement in the network increases the control strength value for the plurality of risk factors in the network.
  14. The non-transitory computer-readable medium of claim 13, wherein the program code is further executable by the processor for causing the processor to: identify, based on the cumulative control coverage, a subset of the plurality of risk controls that are not implemented in the network to prioritize to increase the control strength value.
  15. The non-transitory computer-readable medium of claim 14, wherein the program code is further executable by the processor for causing the processor to identify the subset of the plurality of risk controls to prioritize by: identifying the subset of the plurality of risk controls that are not associated with an improvement plan.
  16. The non-transitory computer-readable medium of claim 13, wherein the program code is further executable by the processor for causing the processor to: generate a recommendation to increase the control strength value.
  17. The non-transitory computer-readable medium of claim 13, wherein the program code is further executable by the processor for causing the processor to generate the risk assessment for each of the plurality of risk factors by: determining a risk progress value by comparing the residual risk value for each of the plurality of risk factors with a predetermined acceptable risk level.
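As an added illustration, not code from the patent or its assignee, the following Python carries the computation the independent claims describe through a constructed hierarchy: per-factor inherent and residual risk values, the overall inherent and residual scores for each grouping, the control strength value compared against a threshold, the unimplemented controls without an improvement plan to prioritize (claims 2 and 3), and the effect of implementing the two-factor authentication control. The inherent-risk formula (likelihood times impact), the residual-risk formula (inherent times one minus the control value, unchanged when the control is not implemented), and all sample data are assumptions; the claims fix neither formula.

```python
from dataclasses import dataclass, replace


@dataclass
class RiskFactor:
    """One risk factor with its constructed risk data and its chosen risk control."""
    name: str
    likelihood: float          # constructed risk data, 0..1
    impact: float              # constructed risk data, 0..1
    control: str               # risk control chosen for this factor
    control_value: float       # 0..1, amount of risk reduction the control provides
    implemented: bool          # whether the control is actually in place in the network
    has_improvement_plan: bool = False

    def inherent_risk(self) -> float:
        # Assumption: inherent risk = likelihood x impact (risk with no control in place).
        return self.likelihood * self.impact

    def residual_risk(self) -> float:
        # Assumption: an implemented control removes control_value of the inherent risk;
        # a control that is not implemented removes nothing.
        if not self.implemented:
            return self.inherent_risk()
        return self.inherent_risk() * (1.0 - self.control_value)


def assess_grouping(factors: list[RiskFactor]) -> dict:
    """Overall inherent score, overall residual score and control strength for one grouping."""
    inherent = sum(f.inherent_risk() for f in factors)
    residual = sum(f.residual_risk() for f in factors)
    # Control strength: proportion of the overall inherent risk covered by implemented controls.
    strength = (inherent - residual) / inherent if inherent else 1.0
    return {"inherent": inherent, "residual": residual, "strength": strength}


def controls_to_prioritize(factors: list[RiskFactor]) -> list[str]:
    """Unimplemented controls with no improvement plan, largest expected risk reduction first."""
    candidates = [f for f in factors if not f.implemented and not f.has_improvement_plan]
    candidates.sort(key=lambda f: f.inherent_risk() * f.control_value, reverse=True)
    return [f.control for f in candidates]


def with_control_implemented(factors: list[RiskFactor], control: str) -> list[RiskFactor]:
    """Copy of the factor list in which the named control is marked as implemented."""
    return [replace(f, implemented=True) if f.control == control else f for f in factors]


def assess_hierarchy(groupings: dict[str, list[RiskFactor]], threshold: float) -> dict:
    """Risk assessment per grouping, flagging groupings whose strength is below the threshold."""
    result = {}
    for name, factors in groupings.items():
        assessment = assess_grouping(factors)
        assessment["below_threshold"] = assessment["strength"] < threshold
        assessment["prioritize"] = controls_to_prioritize(factors)
        result[name] = assessment
    return result


# Constructed sample data: the second grouping contains the first subset plus a second subset.
FIRST_SUBSET = [
    RiskFactor("remote admin login", 0.8, 0.9, "two-factor authentication", 0.7, False),
    RiskFactor("unpatched web server", 0.6, 0.5, "patch management", 0.8, True),
]
SECOND_SUBSET = [
    RiskFactor("shared service account", 0.5, 0.6, "credential vaulting", 0.6, False, True),
]
GROUPINGS = {"first": FIRST_SUBSET, "second": FIRST_SUBSET + SECOND_SUBSET}
```

Running `assess_hierarchy(GROUPINGS, 0.5)` flags both groupings as below the threshold and names the two-factor authentication control as the one to prioritize; reassessing `with_control_implemented(FIRST_SUBSET, "two-factor authentication")` raises the first grouping's control strength above the threshold.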

Description

CROSS-REFERENCE TO RELATED APPLICATION

This is a continuation-in-part of, and claims priority to, U.S. Non-Provisional application Ser. No. 17/730,300, filed Apr. 27, 2022 and titled “Determining Relative Risk In A Network System,” which claims priority to U.S. Provisional Application Ser. No. 63/182,220, filed Apr. 30, 2021 and titled “Determining Risk in a Network System for Technology Analytics,” the entirety of each of which is incorporated herein by reference.

TECHNICAL FIELD

The present disclosure relates to network systems and, more particularly (although not necessarily exclusively), to determining relative risk in network systems.

BACKGROUND

Separate data systems in a network can include different types of data in different formats. Integrating data from separate systems may be an involved process that takes a significant amount of time, requires significant computing power, and is often technically challenging. Even data of the same type in the separate systems may be in different formats or represented differently. When two entities, even entities that focus on the same thing, combine in some manner, the data in the separate systems of the entities is often in different formats.

SUMMARY

One example of the present disclosure includes a system comprising a processor and a non-transitory computer-readable memory. The non-transitory computer-readable memory can include instructions that are executable by the processor for causing the processor to perform operations. The operations can include determining a hierarchy of groupings for a plurality of risk factors within a network based on a plurality of risk data associated with the plurality of risk factors. The operations can include determining a plurality of associations between the plurality of risk data and a plurality of risk controls, each risk control of the plurality of risk controls representing an amount of control for reducing riskiness of a risk factor of the plurality of risk factors. The operations can include determining a risk assessment for each grouping of the hierarchy of groupings based on the plurality of risk data, the plurality of risk controls, and the hierarchy of groupings. Determining the risk assessment can include determining, based on the plurality of associations and the risk data, a control coverage for the grouping. The operations can include outputting the risk assessment for each grouping of the hierarchy of groupings for display on a graphical user interface.

Another example of the present disclosure can include a method. The method can involve determining, by a processor, a hierarchy of groupings for a plurality of risk factors within a network based on a plurality of risk data associated with the plurality of risk factors. The method can include determining, by the processor, a plurality of associations between the plurality of risk data and a plurality of risk controls, each risk control of the plurality of risk controls representing an amount of control for reducing riskiness of a risk factor of the plurality of risk factors. The method can include determining, by the processor, a risk assessment for each grouping of the hierarchy of groupings based on the plurality of risk data, the plurality of risk controls, and the hierarchy of groupings. Determining the risk assessment can include determining, by the processor and based on the plurality of associations and the risk data, a control coverage for the grouping. The method can include outputting, by the processor, the risk assessment for each grouping of the hierarchy of groupings for display on a graphical user interface.

Still another example of the present disclosure can include a non-transitory computer-readable medium comprising program code that is executable by a processor for causing the processor to perform operations. The operations can include determining a hierarchy of groupings for a plurality of risk factors within a network based on a plurality of risk data associated with the plurality of risk factors. The operations can include determining a plurality of associations between the plurality of risk data and a plurality of risk controls, each risk control of the plurality of risk controls representing an amount of control for reducing riskiness of a risk factor of the plurality of risk factors. The operations can include determining a risk assessment for each grouping of the hierarchy of groupings based on the plurality of risk data, the plurality of risk controls, and the hierarchy of groupings. Determining the risk assessment can include determining, based on the plurality of associations and the risk data, a control coverage for the grouping. The operations can include outputting the risk assessment for each grouping of the hierarchy of groupings for display on a graphical user interface.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic of an example of a network system for determining risk assessments according to one asp