System and method for risk detection reporting and infrastructure

US 10,068,193 B2
Filed: 11/02/2015
Issued: 09/04/2018
Est. Priority Date: 06/09/2003
Status: Active Grant

First Claim

Patent Images

1. A system for monitoring and controlling risks associated with a supply chain, comprising:

a processor;

a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;

accessing the memory to identify one or more supply chain infrastructural elements;

identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of;

external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms,wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value,wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type with respect to the associated at least one of the identified supply chain infrastructural elements, wherein an associated risk value of each of the risk categories is determined based on one or more derived risk values of the one or more safety based risk elements associated with such risk category, and wherein the associated risk value corresponds to at least one of a physical location, a logical location, and a type of the associated at least one of the identified supply chain infrastructure elements;

analyzing a probability of an occurrence of a threat outcome using the processor based on a transparency, character, logic and trust of the data;

determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on the associated risk values for the plurality of risk categories,wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold;

receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and

if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.

Citations

24 Claims

1. A system for monitoring and controlling risks associated with a supply chain, comprising:
- a processor;
  
  a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;
  
  accessing the memory to identify one or more supply chain infrastructural elements;
  
  identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of;
  
  external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms,wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value,wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type with respect to the associated at least one of the identified supply chain infrastructural elements, wherein an associated risk value of each of the risk categories is determined based on one or more derived risk values of the one or more safety based risk elements associated with such risk category, and wherein the associated risk value corresponds to at least one of a physical location, a logical location, and a type of the associated at least one of the identified supply chain infrastructure elements;
  
  analyzing a probability of an occurrence of a threat outcome using the processor based on a transparency, character, logic and trust of the data;
  
  determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on the associated risk values for the plurality of risk categories,wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold;
  
  receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and
  
  if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the risk threshold is dynamic based on one or more of the overall threat environment, intelligence, and the one or more safety based risk elements.
  - 3. The system of claim 1, wherein if the risk threshold is exceeded, taking responsive actions until the risk is deemed mitigated.
  - 4. The system of claim 1, further comprising taking one or more responsive actions based on the one or more identified supply chain infrastructural elements for which the risk threshold has been exceeded, until at least one risk category value is reduced sufficiently such that the risk threshold is no longer exceeded.
  - 5. The system of claim 1, further comprising allowing access to an infrastructural element if the risk threshold is not exceeded.
  - 6. The system of claim 1, wherein the supply chain comprises the shipment of freight.
  - 7. The system of claim 1, further comprising if the risk threshold is exceeded, adjusting at least one risk policy of the set of risk policies.

8. A system for monitoring and controlling risks associated with a supply chain, comprising:
- a processor;
  
  a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;
  
  accessing the memory to identify one or more supply chain infrastructural elements;
  
  identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of;
  
  external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms,wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value,wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type with respect to the associated at least one of the identified supply chain infrastructural elements, wherein an associated risk value of each of the risk categories is determined based on one or more derived risk values of the one or more safety based risk elements associated with such risk category, and wherein the associated risk value corresponds to at least one of a likelihood of occurrence, cultural concerns, magnitude, ability to mitigate, and resource availability;
  
  analyzing a probability of an occurrence of a threat outcome using the processor based on a transparency, character, logic and trust of the data;
  
  determining a risk threshold with respect to the one or more identified supply chain infrastructural elements and the safety based risk elements based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on the associated risk values for the plurality of risk categories,wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein the set of risk policies vary based on at least one of the physical location, logical location, and type of physical structure, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold;
  
  receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and
  
  if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the risk threshold is dynamic based on one or more of the overall threat environment, intelligence, and the safety based risk elements.
  - 10. The system of claim 8, wherein if the risk threshold is exceeded, taking responsive actions until the risk is deemed mitigated.
  - 11. The system of claim 8, further comprising taking one or more responsive actions based on the one or more identified supply chain infrastructural elements for which the risk threshold has been exceeded, until at least one risk category value is reduced sufficiently such that the risk threshold is no longer exceeded.
  - 12. The system of claim 8, further comprising allowing access to an infrastructural element if the risk threshold is not exceeded.
  - 13. The system of claim 8, wherein the supply chain comprises the shipment of freight.
  - 14. The system of claim 8, further comprising if the risk threshold is exceeded, adjusting at least one risk policy of the set of risk policies.

15. A system for monitoring and controlling risks associated with a supply chain, comprising:
- a processor;
  
  a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;
  
  accessing the memory to identify one or more supply chain infrastructural elements;
  
  identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein the one or more safety based risk elements include one or more of;
  
  external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets, or physical subversion of delivery mechanisms,wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, and wherein each of the plurality of risk categories has an associated base value that corresponds to an average risk value,wherein a derived risk value for each of the one or more safety based risk elements is determined based on at least one of a relative degree of risk and risk of a particular type;
  
  determining a risk threshold with respect to the one or more identified supply chain infrastructural elements and the safety based risk elements,wherein at least one risk policy is determined for each of the plurality of risk categories, to arrive at a set of risk policies, wherein implementation of the set of risk policies comprises evaluating a risk associated with at least one of the one or more identified supply chain infrastructural elements to determine whether the risk exceeds or does not exceed the risk threshold;
  
  receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded;
  
  modifying at least one risk policy of the set of risk policies and the determination of a risk value using the processor based on a transparency, character, logic and trust of the data; and
  
  if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the risk threshold is dynamic based on one or more of the overall threat environment, intelligence, and the one or more safety based risk elements.
  - 17. The system of claim 15, wherein if the risk threshold is exceeded, taking responsive actions until the risk is deemed mitigated.
  - 18. The system of claim 15, further comprising taking one or more responsive actions based on the one or more identified supply chain infrastructural elements for which the risk threshold has been exceeded, until at least one risk category value is reduced sufficiently such that the risk threshold is no longer exceeded.
  - 19. The system of claim 15, further comprising allowing access to an infrastructural element if the risk threshold is not exceeded.
  - 20. The system of claim 15, wherein the supply chain comprises the shipment of freight.
  - 21. The system of claim 15, further comprising if the risk threshold is exceeded, adjusting at least one risk policy of the set of risk policies.

22. A method implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:
- accessing the memory to identify one or more safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of;
  
  external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms;
  
  identifying one or more supply chain infrastructural elements within the supply chain infrastructure, wherein each of the one or more safety based risk elements is associated with one or more of the supply chain infrastructural elements;
  
  categorizing the identified one or more safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the identified one or more safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type with respect to the corresponding supply chain infrastructural elements;
  
  generating an associated risk value for each of the risk categories, wherein the associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability, or relating to an event associated with the corresponding one or more safety based risk elements;
  
  defining a set of risk policies according to the risk categories, wherein each of the risk policies is associated with a risk threshold corresponding to the supply chain infrastructure elements and the safety based risk elements of the supply chain at issue, wherein each risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome with respect to the supply chain infrastructure elements and safety based risk elements of the supply chain at issue, wherein the value of the threat is based on the associated risk values for the plurality of risk categories, and wherein the probability of occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
  
  receiving information indicating that one or more supply chain infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against each of the risk policies of the set of risk policies to determine if the risk threshold of the risk policy, corresponding to the supply chain infrastructural element or supply chain at issue, is exceeded; and
  
  if the risk threshold is exceeded, flagging the supply chain infrastructural element or supply chain at issue or categorizing the supply chain infrastructural elements or supply chain at issue as high risk.

23. A system for monitoring and controlling risks associated with a supply chain, comprising:
- a processor;
  
  a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;
  
  accessing the memory to identify one or more supply chain infrastructural elements;
  
  identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements, wherein each of the one or more safety based risk elements corresponds to one of a plurality of risk categories, wherein each of the plurality of risk categories has an associated base value;
  
  determining a derived risk value for each of the one or more safety based risk elements based on an analysis of a plurality of data corresponding to the one or more identified supply chain infrastructural elements considering a type and a location of the associated one or more identified supply chain infrastructural elements, wherein a cumulative risk value of each of the risk categories is determined based on a weighted average of the derived risk values of each of the one or more safety based risk elements that corresponds to such risk category;
  
  determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome, wherein the value of the threat is based on a weighted average of the associated base values for each of the plurality of risk categories;
  
  determining at least one risk policy for each of the plurality of risk categories, to arrive at a set of risk policies;
  
  receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain;
  
  determining a total risk value based on the set of risk policies corresponding to the one or more identified supply chain infrastructural elements that is to be utilized in the supply chain and using the processor to evaluate the total risk value against the set of risk policies to determine if the risk threshold is exceeded; and
  
  if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.

24. A system for monitoring and controlling risks associated with a supply chain, comprising:
- a processor;
  
  a memory coupled to the processor, wherein the memory contains a software program to be run by the processor that provides for the following;
  
  accessing the memory to identify one or more supply chain infrastructural elements;
  
  identifying one or more safety based risk elements each associated with said one or more identified supply chain infrastructural elements;
  
  determining a derived risk value for each of the one or more safety based risk elements based on an analysis of a plurality of data corresponding to the one or more identified supply chain infrastructural elements;
  
  determining a risk threshold based on a value of a threat times the probability of the occurrence of the threat outcome;
  
  determining at least one risk policy for each of the plurality of risk categories, to arrive at a set of risk policies;
  
  receiving information indicating that the one or more identified supply chain infrastructural elements is to be utilized in the supply chain;
  
  determining a total risk value based on the set of risk policies corresponding to the one or more identified supply chain infrastructural elements that is to be utilized in the supply chain and using the processor to evaluate the total risk value against the set of risk policies to determine if the risk threshold is exceeded; and
  
  if the risk threshold is exceeded, flagging the one or more identified supply chain infrastructural elements or categorizing the one or more identified supply chain infrastructural elements as high risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smartsafety Software Inc.
Original Assignee
A-T Solutions (Jacobs Solutions, Inc.)
Inventors
Miller, Charles J., Frankel, Yair, Rosenkrantz, Noah J.
Primary Examiner(s)
Sterrett, Jonathan G

Application Number

US14/930,397
Publication Number

US 20160055435A1
Time in Patent Office

1,037 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/08   Logistics, e.g. warehousing...

G06Q 40/08   Insurance

H04L 63/1433   Vulnerability analysis

System and method for risk detection reporting and infrastructure

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for risk detection reporting and infrastructure

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links