Systems and methods for determining asset importance in security risk management

US12348485B2 · US · B2

Patent metadata
Publication number: US-12348485-B2
Application number: US-202418422470-A
Country: US
Kind code: B2
Filing date: Jan 25, 2024
Priority date: Sep 30, 2019
Publication date: Jul 1, 2025
Grant date: Jul 1, 2025

Abstract

Official abstract text for this publication.

Disclosed are computer-implemented methods for ranking importance of assets of an entity, in which the assets can include hosts and/or IP addresses associated with the entity. The exemplary methods can include receiving datasets from one or more sources indicating frequency of system access, system configuration, and/or application configuration. The methods can include determining one or more input data based on the datasets. The methods can include determining, for each host and/or IP address associated with the entity, an importance ranking based on the input data. In some examples, the importance ranking may be based on a weighting of two or more input data.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for ranking importance of assets of an entity, the assets comprising Internet Protocol (IP) addresses associated with the entity, the method comprising: receiving at least one of: a first dataset comprising (i) a first plurality of IP addresses associated with the entity and (ii) lookup counts for each IP address of the first plurality of IP addresses; a second dataset comprising at least one service or application type associated with at least one IP address associated with the entity; or a third dataset comprising fingerprints and/or cookies associated with a second plurality of IP addresses associated with the entity; determining input data based on the received at least one first dataset, second dataset, or third dataset such that: when the first dataset is received, determining a first input data comprising a ratio of (a) a number of lookup counts of the first plurality of IP addresses to (b) a maximum number of lookup counts of the first plurality of IP addresses; when the second dataset is received, determining a second input data comprising a ranking of the at least one service or application type, the ranking determined by comparing each service or application type to a database of pre-ranked service or application types; and when the third dataset is received, determining a third input data comprising a ratio of (a) a number of unique fingerprints and/or unique cookies of an IP address of the second plurality of IP addresses to (b) a maximum of numbers of unique fingerprints and/or unique cookies for the second plurality of IP addresses of the entity; and determining, for each IP address associated with the entity, an IP address importance ranking based on the determined input data.

2. The method of claim 1, wherein the second dataset comprises at least two service or application types for a particular IP address of the at least one IP address, and wherein, when the second dataset is received, determining the second input data comprises: determining the ranking of the at least two service or application types; and retaining a ranking of a highest ranked service or application type of the at least two service or application types.

3. The method of claim 1, wherein the second dataset comprises at least thirty days of data related to the at least one service or application type.

4. The method of claim 1, wherein, when the second dataset is received, determining the second input data comprises: ranking the at least one service or application type based on a function and/or a criticality of a corresponding service or application having the at least one service or application type.

5. The method of claim 1, wherein the third dataset further comprises infection status of systems associated with the second plurality of IP addresses.

6. The method of claim 5, wherein the infection status of systems includes a measure of malware families identified to be associated with the second plurality of IP addresses.

7. The method of claim 6, wherein the third input data further comprises a ratio of (i) a number of unique malware families associated with a particular IP address of the second plurality of IP addresses to (ii) a maximum of numbers of unique malware families associated with the second plurality of IP addresses.

8. The method of claim 1, wherein the third dataset comprises at least sixty days of data related to fingerprints and/or cookies associated with the second plurality of IP addresses.

9. The method of claim 1, wherein the assets further comprise hosts associated with the entity, the method further comprising: receiving at least one of: a fourth dataset comprising (i) a respective plurality of hostnames of a plurality of hosts and (ii) lookup counts for each hostname of the plurality of hostnames, the lookup counts obtained from a stream of a domain name system (DNS) queries; a fifth dataset comprising source code for a plurality of websites indicating, for each website, whether a host of the website is configured to collect data from users, the websites associated with the entity; or a sixth dataset comprising a plurality of authentication certificates associated with at least one of the plurality of hosts; determining additional input data based on the received at least one fourth dataset, fifth dataset, or sixth dataset such that: when the fourth dataset is received, determining a fourth input data comprising, for each host of the plurality of hosts, a ratio of (a) a number of lookup counts of the hostname of the host to (b) a maximum number of lookup counts of the plurality of hostnames for the entity; when the fifth dataset is received, determining a fifth input data indicating, for each host of the website, whether the source code indicates that the host is configured to collect data from users of the website; and when the sixth dataset is received, determining a sixth input data indicating, for the at least one host, whether the host has an authentication certificate; and determining, for each host associated with the entity, a host importance ranking based on the determined additional input data.

10. The method of claim 9, further comprising: receiving at least two of the fourth dataset, fifth dataset, or sixth dataset; and determining, for each host associated with the entity, the host importance ranking based on a weighting of the at least two of the fourth input data, the fifth input data, or the sixth input data.

11. The method of claim 10, further comprising receiving the fourth dataset, wherein determining, for each host associated with the entity, the host importance ranking further comprises: when the lookup count is zero, determining that the host importance ranking is lower than a host associated with (i) one or more lookup counts, (ii) source code indicating that the host is configured to collect data from users of the website, or (iii) an authentication certificate.

12. The method of claim 10, further comprising: receiving the fourth dataset, fifth dataset, and sixth dataset; determining, for each host associated with the entity, the host importance ranking based on the weighting of the fourth input data, the fifth input data, and the sixth input data; and determining a maximum of: (i) the fourth input data; and (ii) a sum of: (a) the fourth input data multiplied by a fourth weight; (b) the fifth input data multiplied by a fifth weight; and (c) the sixth input data multiplied by a sixth weight.

13. The method of claim 12, further comprising: when the lookup count is at least one, setting the fourth weight to equal to the fifth weight and the sixth weight to equal to less than the fourth weight, such that a sum of the fourth weight, the fifth weight, and the sixth weight is equal to one; and when the lookup count is zero, setting a sum of the fifth weight and the sixth weight to equal to or less than the fourth weight.

14. The method of claim 9, further comprising: assigning a unique identifier to each host associated with the entity.

15. The method of claim 9, wherein the fourth dataset comprises lookup counts for each hostname over seven consecutive days.

16. The method of claim 9, wherein the source code comprises HTML data for the plurality of websites.

17. The method of claim 9, wherein, when the fifth dataset is received, determining the fifth input data further comprises: determining whether the source code indicates that the website includes a form for collecting data from the users of the website.
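
The host scoring described in claims 9, 12, 13, 16 and 17, worked through as an added example (not code from the patent or its assignee). The weight values, the form-detection heuristic, and the sample hostnames and counts are assumptions chosen to satisfy the constraints the claims state.

```python
from html.parser import HTMLParser

# Assumed weights (w4, w5, w6): the claims constrain them but give no values.
W_SEEN = (0.4, 0.4, 0.2)    # lookups >= 1: w4 == w5, w6 < w4, sum == 1
W_UNSEEN = (0.5, 0.3, 0.2)  # lookups == 0: w5 + w6 <= w4


class FormFinder(HTMLParser):
    """Flags a <form> that contains an input field (assumed heuristic)."""

    def __init__(self):
        super().__init__()
        self.in_form = self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.in_form = True
        elif self.in_form and tag in ("input", "textarea", "select"):
            self.found = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def host_importance(hosts):
    """Return {hostname: score}, highest first."""
    top = max((h["lookups"] for h in hosts.values()), default=0)
    scores = {}
    for name, h in hosts.items():
        finder = FormFinder()
        finder.feed(h["html"])
        x4 = h["lookups"] / top if top else 0.0   # fourth input: lookup ratio
        x5 = 1.0 if finder.found else 0.0         # fifth input: collects data
        x6 = 1.0 if h["has_cert"] else 0.0        # sixth input: has certificate
        w4, w5, w6 = W_SEEN if h["lookups"] >= 1 else W_UNSEEN
        scores[name] = max(x4, w4 * x4 + w5 * x5 + w6 * x6)
    return dict(sorted(scores.items(), key=lambda kv: kv[1], reverse=True))


# Constructed sample inventory (hostnames and counts are not from the patent).
FORM = "<html><form action='/login'><input name='user'></form></html>"
SAMPLE = {
    "static.example.com": {"lookups": 400, "html": "<html></html>", "has_cert": False},
    "old.example.com": {"lookups": 0, "html": FORM, "has_cert": False},
    "login.example.com": {"lookups": 900, "html": FORM, "has_cert": True},
    "www.example.com": {"lookups": 1000, "html": "<p>hi</p>", "has_cert": True},
}
RANKED = host_importance(SAMPLE)
```

Taking the maximum with the lookup ratio keeps a heavily queried host at the top even when it has no form or certificate, while a host with no observed lookups can score at most w5 + w6.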

Classifications

  • Internet protocol [IP] addresses

  • using domain name system [DNS]

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

  • Indexing; Web crawling techniques

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Bitsight Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 1, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).