Using Trust Profiles for Network Breach Detection
US-2015288709-A1 · Oct 8, 2015 · US
US11949655B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11949655-B2 |
| Application number | US-202117320997-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 14, 2021 |
| Priority date | Sep 30, 2019 |
| Publication date | Apr 2, 2024 |
| Grant date | Apr 2, 2024 |
Official abstract text for this publication.
Disclosed are computer-implemented methods for ranking importance of assets of an entity, in which the assets can include hosts and/or IP addresses associated with the entity. The exemplary methods can include receiving datasets from one or more sources indicating frequency of system access, system configuration, and/or application configuration. The methods can include determining one or more input data based on the datasets. The methods can include determining, for each host and/or IP address associated with the entity, an importance ranking based on the input data. In some examples, the importance ranking may be based on a weighting of two or more input data.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for ranking importance of assets of an entity, the assets comprising hosts associated with the entity, the method comprising: receiving at least one of: a first dataset comprising (i) a respective plurality of hostnames of a plurality of hosts and (ii) lookup counts for each hostname of the plurality of hostnames, the lookup counts obtained from a stream of a domain name system (DNS) queries; or a second dataset comprising source code for a plurality of websites indicating, for each website, whether a host of the website is configured to collect data from users, the websites associated with the entity; determining input data based on the received at least one first dataset or second dataset such that: when the first dataset is received, determining a first input data comprising, for each host of the plurality of hosts, a ratio of (a) a number of lookup counts of the hostname of the host to (b) a maximum number of lookup counts of the plurality of hostnames for the entity; and when the second dataset is received, determining a second input data indicating, for each host of the website, whether the source code indicates that the host is configured to collect data from users of the web site; and determining, for each host associated with the entity, a host importance ranking based on the determined input data.

2. The method of claim 1, further comprising: receiving the first dataset and the second dataset; and determining, for each host associated with the entity, the host importance ranking based on a weighting of the first input data and the second input data.

3. The method of claim 2, further comprising receiving the first dataset, wherein determining, for each host associated with the entity, the host importance ranking further comprises: if the lookup count is zero, determining that the host importance ranking is lower than a host associated with (i) one or more lookup counts, (ii) source code indicating that the host is configured to collect data from users of the website, or (iii) an authentication certificate.

4. The method of claim 2, further comprising: receiving the first dataset and the second dataset; determining, for each host associated with the entity, the host importance ranking based on the weighting of the first input data and the second input data; and determining a maximum of: (i) the first input data; and (ii) a sum of: (a) the first input data multiplied by a first weight; and (b) the second input data multiplied by a second weight.

5. The method of claim 4, further comprising: if the lookup count is at least one, setting the first weight to equal to the second weight, such that the sum of the first weight and the second weight is equal to one; and if the lookup count is zero, setting the second weight to equal to or less than the first weight.

6. The method of claim 1, further comprising: assigning a unique identifier to each host associated with the entity.

7. The method of claim 1, wherein the first dataset comprises lookup counts for each hostname over seven consecutive days.

8. The method of claim 1, wherein the source code comprises HTML, data for the plurality of websites.

9. The method of claim 1, wherein, when the second dataset is received, determining the second input data further comprises: determining whether the source code indicates that the website includes a form for collecting data from the users of the website.

10. The method of claim 9, wherein, when the second dataset is received, determining the second input data further comprises: excluding those websites in which the form collects only search queries.

11. The method of claim 1, further comprising: presenting the host importance ranking in a user interface.

12. The method of claim 11, wherein, when the second dataset is received, determining the second input data further comprises: collecting a URL of the website, wherein presenting the host importance ranking in a user interface comprises: presenting the URL of the website with the corresponding host.

13. The method of claim 1, wherein the assets further comprise Internet Protocol (IP) addresses associated with the entity, the method further comprising: receiving at least one of: a third dataset comprising (i) a plurality of IP addresses and (ii) lookup counts for each IP address of the plurality of IP addresses; a fourth dataset comprising at least one service or application type associated with at least one IP address associated with the entity; a fifth dataset comprising fingerprints and/or cookies associated with another plurality of IP addresses associated with the entity; determining additional input data based on the received at least one third dataset, fourth dataset, or fifth dataset such that: when the third dataset is received, determining a third input data comprising a ratio of (a) a number of lookup counts of the IP addresses to (b) a maximum number of lookup counts of the IP addresses for the entity; when the fourth dataset is received, determining a fourth input data comprising a ranking of the at least one service or application type, the ranking determined by comparing each service or application type to a database of pre-ranked service or application types; when the fifth dataset is received, determining a fifth input data comprising a ratio of (a) a number of unique fingerprints and/or unique cookies of an IP address of the other plurality of IP addresses to (b) a maximum of numbers of unique fingerprints and/or unique cookies for the other plurality of IP addresses of the entity; and determining, for each IP address associated with the entity, an IP address importance ranking based on the determined additional input data.

14. The method of claim 13, further comprising: determining, for each IP address of the entity, the IP address importance ranking based on a weighting of the at least two of the third input data, the fourth input data, the fifth input data, or the host importance ranking.

15. The method of claim 13, wherein the fourth dataset comprises at least two service or application types for a particular IP address of the at least one IP address, and wherein, when the fourth dataset is received, determining the fourth input data comprises: determining the ranking of the at least two service or application types; and retaining a ranking of a highest ranked service or application type of the at least two service or application types.

16. The method of claim 13, wherein the fourth dataset comprises at least thirty days of data related to the at least one service or application type.

17. The method of claim 13, wherein, when the fourth dataset is received, determining the fourth input data comprises: ranking the at least one service or application type based on a function and/or a criticality of a corresponding service or application having the at least one service or application type.

18. The method of claim 13, wherein the fifth dataset further comprises infection status of systems associated with the other plurality of IP addresses.

19. The method of claim 18, wherein the infection status of systems includes a measure of malware families identified to be associated with the other plurality of IP addresses.

20. The method of claim 19, wherein the fifth input data further comprises a ratio of (i) a number of unique malware families associated with a particular IP address of the other plurality of IP ad
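The host scoring recited in claims 1, 4, 5, 9 and 10, worked through in Python as an added example that is not part of the patent text. The hostnames, lookup counts and HTML are constructed sample data, and the search-box heuristic, the function names and the 0.25 weight used when the lookup count is zero are assumptions chosen only to satisfy the claim wording.

```python
from html.parser import HTMLParser

class FormScanner(HTMLParser):
    """Records the (type, name) of every <input> found inside each <form>."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = []
        elif tag == "input" and self._open is not None:
            self._open.append(((a.get("type") or "text").lower(),
                               (a.get("name") or "").lower()))
    def handle_endtag(self, tag):
        if tag == "form" and self._open is not None:
            self.forms.append(self._open)
            self._open = None

def collects_user_data(html):
    """Second input data (claims 9-10): 1 if any form takes more than a search query."""
    scanner = FormScanner()
    scanner.feed(html)
    for fields in scanner.forms:
        data = [f for f in fields if f[0] not in ("submit", "button", "hidden")]
        # Assumed heuristic: type=search or a name of q/query/search is a search box.
        if any(t != "search" and n not in ("q", "query", "search") for t, n in data):
            return 1
    return 0

def host_importance(lookups, pages, w2_zero=0.25):
    """Score each host as max(x1, w1*x1 + w2*x2) (claim 4), highest first."""
    peak = max(lookups.values(), default=0)
    scores = {}
    for host, count in lookups.items():
        x1 = count / peak if peak else 0.0   # claim 1: lookups / entity maximum
        x2 = collects_user_data(pages.get(host, ""))
        # Claim 5: equal weights summing to one, or w2 <= w1 when there are no lookups.
        w1, w2 = 0.5, (0.5 if count >= 1 else w2_zero)
        scores[host] = max(x1, w1 * x1 + w2 * x2)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample data: seven-day DNS lookup counts and crawled HTML per host.
LOOKUPS = {"www.example.com": 1000, "login.example.com": 200,
           "blog.example.com": 300, "old.example.com": 0}
PAGES = {
    "www.example.com": '<form action="/s"><input type="search" name="q"></form>',
    "login.example.com": '<form method="post"><input type="password" name="pw"></form>',
    "old.example.com": '<form><input type="email" name="mail"></form>',
}
print(host_importance(LOOKUPS, PAGES))
```

The login host outranks the more frequently resolved blog host because its form lifts the weighted sum above the lookup ratio alone, while the search-only form on the main site contributes nothing.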
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Indexing; Web crawling techniques · CPC title
using domain name system [DNS] · CPC title
Internet protocol [IP] addresses · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title