System and method for risk detection reporting and infrastructure
First Claim
1. A system for monitoring and controlling risks associated with a supply chain, comprising:
- a processor;
a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;
accessing the memory to identify one or more supply chain infrastructural elements;
identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of;
external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms,wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value,wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type with respect to the associated at least one of the identified supply chain infrastructural elements, wherein an associated risk value of each of the risk categories is determined based on one or more derived risk values of the one or more safety based risk elements associated with such risk category, and wherein the associated risk value corresponds to at least one of a physical location, a logical location, and a type of the associated at least one of the identified supply chain infrastructure elements;
analyzing a probability of an occurrence of a threat outcome using the processor based on a transparency, character, logic and trust of the data;
determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on the associated risk values for the plurality of risk categories,wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold;
receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and
if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.
15 Assignments
0 Petitions
Accused Products
Abstract
A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.
-
Citations
24 Claims
-
1. A system for monitoring and controlling risks associated with a supply chain, comprising:
-
a processor; a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following; accessing the memory to identify one or more supply chain infrastructural elements; identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of; external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms, wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value, wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type with respect to the associated at least one of the identified supply chain infrastructural elements, wherein an associated risk value of each of the risk categories is determined based on one or more derived risk values of the one or more safety based risk elements associated with such risk category, and wherein the associated risk value corresponds to at least one of a physical location, a logical location, and a type of the associated at least one of the identified supply chain infrastructure elements; analyzing a probability of an occurrence of a threat outcome using the processor based on a transparency, character, logic and trust of the data; determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on the associated risk values for the plurality of risk categories, wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold; receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for monitoring and controlling risks associated with a supply chain, comprising:
-
a processor; a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following; accessing the memory to identify one or more supply chain infrastructural elements; identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of; external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms, wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value, wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type with respect to the associated at least one of the identified supply chain infrastructural elements, wherein an associated risk value of each of the risk categories is determined based on one or more derived risk values of the one or more safety based risk elements associated with such risk category, and wherein the associated risk value corresponds to at least one of a likelihood of occurrence, cultural concerns, magnitude, ability to mitigate, and resource availability; analyzing a probability of an occurrence of a threat outcome using the processor based on a transparency, character, logic and trust of the data; determining a risk threshold with respect to the one or more identified supply chain infrastructural elements and the safety based risk elements based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on the associated risk values for the plurality of risk categories, wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein the set of risk policies vary based on at least one of the physical location, logical location, and type of physical structure, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold; receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for monitoring and controlling risks associated with a supply chain, comprising:
-
a processor; a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following; accessing the memory to identify one or more supply chain infrastructural elements; identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of; external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms, wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value, wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type; determining a risk threshold with respect to the one or more identified supply chain infrastructural elements and the safety based risk elements, wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold; receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; modifying at least one risk policy of the set of risk policies and the determination of a risk value using the processor based on a transparency, character, logic and trust of the data; and if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A method implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:
-
accessing the memory to identify one or more safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of; external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms; identifying one or more supply chain infrastructural elements within the supply chain infrastructure, wherein each of the one or more safety based risk elements is associated with one or more of the supply chain infrastructural elements; categorizing the identified one or more safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the identified one or more safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type with respect to the corresponding supply chain infrastructural elements; generating an associated risk value for each of the risk categories, wherein the associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability, or relating to an event associated with the corresponding one or more safety based risk elements; defining a set of risk policies according to the risk categories, wherein each of the risk policies is associated with a risk threshold corresponding to the supply chain infrastructure elements and the safety based risk elements of the supply chain at issue, wherein each risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome with respect to the supply chain infrastructure elements and safety based risk elements of the supply chain at issue, wherein the value of the threat is based on the associated risk values for the plurality of risk categories, and wherein the probability of occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data; receiving information indicating that one or more supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against each of the risk policies of the set of risk policies to determine if the risk threshold of the risk policy, corresponding to the supply chain infrastructural element or supply chain at issue, is exceeded; and if the risk threshold is exceeded, flagging the supply chain infrastructural element or supply chain at issue or categorizing the supply chain infrastructural elements or supply chain at issue as high risk.
-
-
23. A system for monitoring and controlling risks associated with a supply chain, comprising:
-
a processor; a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following; accessing the memory to identify one or more supply chain infrastructural elements; identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, wherein each of the plurality of risk categories has an associated base value; determining a derived risk value for each of the one or more safety based risk elements based on an analysis of a plurality of data corresponding to the one or more identified supply chain infrastructural elements considering a type and a location of the associated one or more identified supply chain infrastructural elements, wherein a cumulative risk value of each of the risk categories is determined based on a weighted average of the derived risk values of each of the one or more safety based risk elements that corresponds to such risk category; determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on a weighted average of the associated base values for each of the plurality of risk categories; determining at least one risk policy for each of the plurality of risk categories, to arrive at a set of risk policies; receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain; determining a total risk value based on the set of risk policies corresponding to the one or more identified supply chain infrastructural elements that is to be utilized in the supply chain and using the processor to evaluate the total risk value against the set of risk policies to determine if the risk threshold is exceeded; and if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.
-
-
24. A system for monitoring and controlling risks associated with a supply chain, comprising:
-
a processor; a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following; accessing the memory to identify one or more supply chain infrastructural elements; identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements; determining a derived risk value for each of the one or more safety based risk elements based on an analysis of a plurality of data corresponding to the one or more identified supply chain infrastructural elements; determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome; determining at least one risk policy for each of the plurality of risk categories, to arrive at a set of risk policies; receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain; determining a total risk value based on the set of risk policies corresponding to the one or more identified supply chain infrastructural elements that is to be utilized in the supply chain and using the processor to evaluate the total risk value against the set of risk policies to determine if the risk threshold is exceeded; and if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.
-
Specification