System and method for monitoring and grading a cybersecurity framework
Abstract
A cybersecurity system is provided that sums and scores one or more cybersecurity controls for different client computing systems that each have different attributes, needs, and interests. In addition, the cybersecurity system provides to each different client computing system auto-suggestions that suggest one or more ways in which the client computing system may improve the confidentiality, integrity, and availability of the information stored on the client computing system and/or improve the confidentiality, integrity, and availability of the underlying characteristics of the client computing system. In addition, the cybersecurity system verifies that the functioning of the client computing system has improved.
36 Claims
1. A cybersecurity system, comprising:
- processing logic configured to:
  - receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
  - transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
  - receive, over the network and from the client system, one or more responses to the one or more query scripts; and
  - transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system, and wherein the one or more suggestions include one or more updates to be made to the client system to improve the cybersecurity of the client system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A cybersecurity system configured to:
- receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
- transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
- receive, over the network and from the client system, one or more responses to the one or more query scripts;
- transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system;
- determine if the client computing system has been updated according to the one or more suggestions;
- in response to determining that a particular cybersecurity control has been updated based on the one or more suggestions, provide, to the client system, a new compliance value for the particular cybersecurity control; and
- in response to determining that the particular cybersecurity control has not been updated based on the one or more suggestions, provide, to the client system, an alert indicating that the particular cybersecurity control has not been updated.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer-readable storage media storing:
- one or more instructions that, when executed, cause at least one processing device to:
  - receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
  - transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
  - receive, over the network and from the client system, one or more responses to the one or more query scripts; and
  - transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system, and wherein the one or more suggestions include one or more updates to be made to the client system to improve the cybersecurity of the client system.

Dependent claims: 20, 21, 22, 23, 24, 25, 26

27. A non-transitory computer-readable media storing:
- one or more instructions that, when executed, cause the at least one processing device to:
  - receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
  - transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
  - receive, over the network and from the client system, one or more responses to the one or more query scripts;
  - transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system;
  - determine if the client computing system has been updated according to the one or more suggestions;
  - in response to determining that a particular cybersecurity control has been updated based on the one or more suggestions, provide, to the client system, a new compliance value for the particular cybersecurity control; and
  - in response to determining that the particular cybersecurity control has not been updated based on the one or more suggestions, provide, to the client system, an alert indicating that the particular cybersecurity control has not been updated.

Dependent claims: 28, 29, 30, 31, 32, 33, 34

35. A method, comprising:
- receiving, from a client system and at a cybersecurity system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
- transmitting, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
- receiving, over the network and from the client system, one or more responses to the one or more query scripts; and
- transmitting, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system, and wherein the one or more suggestions include one or more updates to be made to the client system to improve the cybersecurity of the client system.

36. A cybersecurity system, comprising:
- processing logic configured to:
  - receive, over a network and from a client system, control information associated with one or more cybersecurity controls, wherein the control information indicates a current state of the client system with respect to each cybersecurity control of the one or more cybersecurity controls;
  - transmit, over the network and to the client system, one or more query scripts based on at least a target state of the client system and the control information;
  - receive, over the network and from the client system, one or more responses to the one or more query scripts; and
  - transmit, over the network and to the client system, one or more suggestions for moving cybersecurity of the client system from the current state towards the target state, wherein the one or more suggestions are based on at least the one or more responses and the current state of the client system, and wherein the one or more suggestions include one or more updates to be made to the client system to improve at least one of confidentiality, integrity, and availability associated with the client system.

Specification