Predictive model for overall network security risk
US-10848515-B1 · Nov 24, 2020 · US
US11677773B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11677773-B2 |
| Application number | US-201816194735-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 19, 2018 |
| Priority date | Nov 19, 2018 |
| Publication date | Jun 13, 2023 |
| Grant date | Jun 13, 2023 |
Abstract
A method for securing a service implemented on a computer network includes identifying network assets in the computer network used by the service. The method further includes identifying vulnerabilities in one or more of the network assets, determining an asset risk score for each of the network assets, and determining a service risk score for the service. The method involves implementing one or more vulnerability remediation actions on the computer network to reduce the service risk score and secure the service.
Claims
What is claimed is:

1. A method for securing a service implemented on a computer network, the method comprising: identifying network assets in the computer network used by the service; identifying vulnerabilities in one or more of the network assets, each vulnerability having one or more vulnerability risk dimensions weighted by a risk value for each of the vulnerability risk dimensions; based on the identified vulnerabilities, determining an asset risk score for each of the network assets by applying a criticality value to a sum of the one or more vulnerability risk dimensions as weighted by the risk value for each of the vulnerability risk dimensions; based on the determined asset risk scores of the network assets, determining a service risk score for the service; prioritizing implementation of a plurality of vulnerability remediation actions in a priority order based on effects on the service risk score, wherein the priority order is based on a reduction of the service risk score; and implementing one or more of the plurality of vulnerability remediation actions based on the priority order.
2. The method of claim 1, wherein identifying network assets in the computer network used by the service includes describing dependencies of the network assets in the computer network.
3. The method of claim 1, further comprising: simulating the effects of the plurality of vulnerability remediation actions on the service risk score.
4. The method of claim 1, wherein the one or more vulnerability risk dimensions correspond to a vulnerability type detected by one or more network security tools.
5. The method of claim 1, wherein the risk value for each vulnerability risk dimension includes information obtained from one or more network security tools.
6. The method of claim 1, further comprising assigning the criticality value to each of the network assets using criticality value propagation rules.
7. The method of claim 6, wherein determining the service risk score for the service includes aggregating the asset risk scores of the network assets used by the service.
8. A computer system to secure a service implemented on a computer network, the computer system comprising: a computing device including at least one processor and at least one memory, the at least one memory including instructions that, when executed by the at least one processor, cause the at least one processor to implement: a service model module configured to identify network assets in the computer network used by the service; a security tools data module configured to receive data identifying vulnerabilities in one or more of the network assets, each vulnerability having one or more vulnerability risk dimensions weighted by a risk value for each of the vulnerability risk dimensions; a risk score calculator configured to determine an asset risk score for each of the network assets used by the service based on the identified vulnerabilities and to determine a service risk score for the service based on the determined asset risk score of each of the network assets by applying a criticality value to a sum of the one or more vulnerability risk dimensions as weighted by the risk value for each of the vulnerability risk dimensions; and a prioritization simulator configured to: prioritize implementation of a plurality of vulnerability remediation actions in a priority order based on effects on the service risk score, wherein the priority order is based on a reduction of the service risk score; and implement one or more of the plurality of vulnerability remediation actions based on the priority order.
9. The computer system of claim 8, wherein the service model module is configured to identify dependencies of the network assets in the computer network used by the service.
10. The computer system of claim 8, wherein the prioritization simulator is further configured to: simulate the effects of the plurality of vulnerability remediation actions on the service risk score.
11. The computer system of claim 8, wherein the one or more vulnerability risk dimensions correspond to a vulnerability type detected by one or more network security tools.
12. The computer system of claim 8, wherein the risk value for each vulnerability risk dimension includes information obtained from one or more network security tools.
13. The computer system of claim 8, wherein the risk score calculator is configured to assign the criticality value to each of the network assets using criticality value propagation rules.
14. The computer system of claim 8, wherein the risk score calculator is configured to determine the service risk score for the service by aggregating the asset risk scores of the network assets used by the service.
15. A computer program product including instructions recorded on a non-transitory computer-readable storage medium and configured to cause at least one processor to secure a service implemented on a computer network, the instructions including instructions that when executed by the at least one processor cause the at least one processor to: identify network assets in the computer network used by the service; identify vulnerabilities in one or more of the network assets, each vulnerability having one or more vulnerability risk dimensions weighted by a risk value for each of the vulnerability risk; based on the identified vulnerabilities, determine an asset risk score for each of the network assets by applying a criticality value to a sum of the one or more vulnerability risk dimensions as weighted by the risk value for each of the vulnerability risk dimensions; based on the determined asset risk scores of the network assets, determine a service risk score for the service; prioritize implementation of a plurality of vulnerability remediation actions in a priority order based on effects on the service risk score, wherein the priority order is based on a reduction of the service risk score; and implement one or more of the plurality of vulnerability remediation actions based on the priority order.
16. The computer program product of claim 15, wherein the instructions include instructions that, when executed, cause the at least one processor to: include descriptions of dependencies of the network assets in the computer network when identifying the network assets in the computer network used by the service.
17. The computer program product of claim 15, wherein the instructions include instructions that, when executed, cause the at least one processor to: simulate the effects of the plurality of vulnerability remediation actions on the service risk score.
18. The computer program product of claim 15, wherein the one or more vulnerability risk dimensions correspond to a vulnerability type detected by one or more network security tools.
19. The computer program product of claim 15, wherein the risk value for each vulnerability risk dimension includes information obtained from one or more network security tools.
20. The computer program product of claim 18, further comprising instructions that, when executed, cause the at least one processor to: assign the criticality value to each of the network assets using criticality value propagation rules.
21. The computer program product of claim 15, wherein the instructions include instructions that, when executed, cause the at least one processor to: determine the service risk score for the service by aggregating the asset risk scores of the network assets used by the service.
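The scoring pipeline the abstract and claims 1 to 7 describe, worked through in Python as an added example; this is not code from the patent or its assignee. Everything concrete is an assumption: three risk dimensions named exploitability, exposure and impact with constructed risk values standing in for the security-tool feed of claims 4 and 5, a propagation rule in which a dependency inherits 80% of the criticality of any asset that depends on it (claim 6 names no rule), summation as the aggregation of claim 7, and the constructed checkout service, vulnerabilities V1 to V4 and patch actions. The greedy re-simulation after each pick goes one step past the claim text, which only requires ordering by reduction: it stops two overlapping actions from both being credited for the same vulnerability.

```python
"""Added worked example of the risk-scoring pipeline in claims 1-7 (not code from
the patent or its assignee). Assumed, not from the page: the dimension names,
the risk values, the 80% propagation decay, summation as the aggregation of
claim 7, and every asset, vulnerability and remediation action below."""
from dataclasses import dataclass, field
from typing import AbstractSet, Dict, List, Set, Tuple

# Claims 4-5: dimensions and their risk values come from network security
# tools. Constructed constants stand in for that feed here.
RISK_VALUE = {"exploitability": 0.5, "exposure": 0.3, "impact": 0.2}
# Assumed propagation rule (claim 6): a dependency inherits 80% of the
# criticality of any asset that depends on it.
PROPAGATION_DECAY = 0.8


@dataclass
class Vulnerability:
    vuln_id: str
    dimensions: Dict[str, float]  # dimension name -> scanner score in [0, 1]


@dataclass
class Asset:
    name: str
    base_criticality: float  # analyst-assigned, in [0, 1]
    vulns: List[Vulnerability]
    depends_on: List[str] = field(default_factory=list)  # claim 2: dependencies


def propagate_criticality(assets: Dict[str, Asset]) -> Dict[str, float]:
    """Claim 6: effective criticality is the max of an asset's own value and
    the decayed criticality of every asset that depends on it. Iterating to a
    fixed point handles chains (web -> api -> db) and tolerates cycles."""
    crit = {name: a.base_criticality for name, a in assets.items()}
    changed = True
    while changed:
        changed = False
        for name, a in assets.items():
            for dep in a.depends_on:
                inherited = crit[name] * PROPAGATION_DECAY
                if inherited > crit[dep] + 1e-12:
                    crit[dep] = inherited
                    changed = True
    return crit


def asset_risk_score(asset: Asset, criticality: float,
                     removed: AbstractSet[str] = frozenset()) -> float:
    """Claim 1: criticality applied to the sum of the risk dimensions, each
    weighted by its risk value, over every vulnerability not yet remediated."""
    total = 0.0
    for v in asset.vulns:
        if v.vuln_id in removed:
            continue
        total += sum(RISK_VALUE[d] * score for d, score in v.dimensions.items())
    return criticality * total


def service_risk_score(assets: Dict[str, Asset], service_assets: List[str],
                       removed: AbstractSet[str] = frozenset()) -> float:
    """Claim 7: aggregate (here, sum) the scores of the assets the service uses,
    after criticality propagation over the dependency graph."""
    crit = propagate_criticality(assets)
    return sum(asset_risk_score(assets[n], crit[n], removed) for n in service_assets)


def prioritize_remediations(assets: Dict[str, Asset], service_assets: List[str],
                            actions: Dict[str, Set[str]]) -> List[Tuple[str, float]]:
    """Claims 1 and 3: simulate each action (the set of vulnerability ids it
    fixes) and order actions by the reduction in service risk. Re-simulating
    after each pick means an action already covered by an earlier pick is not
    credited twice; it drops out when it reduces nothing further."""
    removed: Set[str] = set()
    remaining = dict(actions)
    order: List[Tuple[str, float]] = []
    current = service_risk_score(assets, service_assets, removed)
    while remaining:
        best, best_score = None, current
        for name, fixes in remaining.items():
            simulated = service_risk_score(assets, service_assets, removed | fixes)
            if simulated < best_score:
                best, best_score = name, simulated
        if best is None:
            break  # nothing left reduces the service score
        order.append((best, current - best_score))
        removed |= remaining.pop(best)
        current = best_score
    return order


# Constructed sample: a checkout service whose front end depends on an API,
# which depends on a database; a low-criticality log host is also used.
EXAMPLE_ASSETS = {
    "web": Asset("web", 1.0, [Vulnerability("V1", {"exploitability": 0.9, "exposure": 1.0, "impact": 0.6})], ["api"]),
    "api": Asset("api", 0.5, [Vulnerability("V2", {"exploitability": 0.4, "exposure": 0.2, "impact": 0.9})], ["db"]),
    "db": Asset("db", 0.2, [Vulnerability("V3", {"exploitability": 0.8, "exposure": 0.1, "impact": 1.0})]),
    "logs": Asset("logs", 0.1, [Vulnerability("V4", {"exploitability": 0.9, "exposure": 0.9, "impact": 0.3})]),
}
SERVICE_ASSETS = ["web", "api", "db", "logs"]
EXAMPLE_ACTIONS = {"patch-web": {"V1"}, "patch-db": {"V3"},
                   "patch-api-and-db": {"V2", "V3"}, "patch-logs": {"V4"}}

if __name__ == "__main__":
    print(propagate_criticality(EXAMPLE_ASSETS))
    print(service_risk_score(EXAMPLE_ASSETS, SERVICE_ASSETS))
    for action, reduction in prioritize_remediations(EXAMPLE_ASSETS, SERVICE_ASSETS, EXAMPLE_ACTIONS):
        print(f"{action}: -{reduction:.4f}")
```

Two things the sample is built to show. The database's vulnerability V3 has the heaviest raw dimensions after V1, yet the database starts at criticality 0.2 and only matters because propagation lifts it to 0.64 through the api it serves; without claim 6's propagation a shared dependency of a critical front end would be under-prioritised. And the log host's V4 has high exploitability and exposure but a criticality of 0.1, so it ranks last: the priority order follows the effect on the service score, not the scanner's severity.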
CPC classification titles:
- at the network layer
- Test or assess a computer or a system
- Assessing vulnerabilities and evaluating computer system security
- Vulnerability analysis
- for managing network security; network security policies in general (filtering policies H04L63/0227)