System, method and medium for certifying and accrediting requirements compliance
Abstract
A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method comprises the steps of: 1) gathering information pertaining to the system; 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures; and 5) generating certification documentation based on an assessment of the first four elements.
61 Claims
1. A computer-assisted method of assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the method comprising the steps of:
a) collecting information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the target system;
d) selecting at least one test procedure against which the system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more given threats to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each score generated in said step c) with a corresponding threat correlation indication of said step f) (1).
Dependent claims: 2 to 21.
22. In a general purpose computing system, a computer-assisted and user assisted method for assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the general purpose computing system interacting with a user and performing the steps of:
a) collecting and/or receiving information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the target system;
d) selecting at least one test procedure against which the target system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more given threats to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each score generated in said step c) with a corresponding threat correlation indication of said step f) (1).
Dependent claims: 23 to 41.
42. A computer program medium storing computer instructions therein for instructing a computer to perform a computer-implemented and user assisted process for assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the program medium comprising:
a recording medium readable by the computer; and
the computer instructions stored on said recording medium instructing the computer to perform the computer-implemented and user assisted process, the instructions including:
a) collecting and/or receiving information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the system;
d) selecting at least one test procedure against which the system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more given threats to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each threat element generated in said step c) with said threat correlation indication of said step f)(1).
Dependent claims: 43 to 61.
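As an added illustration of steps c) through f) shared by the three independent claims above (this is example code written for this page, not code from the patent or its assignee), the following Python model carries the risk assessment through on constructed input: threat likelihood scores from step c), test procedures with their pass/fail outcomes from step e), a threat correlation indication per procedure from step f)(1), and the comparison of step f)(2). The four-level ordinal scale, the combination rule (a threat's contribution to a failed procedure is the lower of its likelihood and its correlation, and the procedure's risk is the worst contribution), and the names of the threat elements and test procedures are all assumptions made for the example; the claims fix none of them.

```python
"""Added example: threat-correlation risk assessment, claim 1 steps c) to f)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed ordinal scale shared by threat scores (step c) and threat
# correlation indications (step f(1)); the claims do not define a scale.
LEVELS = ["negligible", "low", "medium", "high"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass
class TestProcedure:
    """One test procedure selected in step d) and executed in step e)."""
    proc_id: str
    requirement: str
    # threat element -> relative potential of that threat to exploit the
    # vulnerability that exists when this procedure fails (step f(1))
    threat_correlation: Dict[str, str]
    passed: bool


def assess_risk(threat_scores: Dict[str, str],
                procedures: List[TestProcedure]) -> Dict[str, dict]:
    """Step f(2): compare each threat score with the correlation indication
    of every failed procedure. A passed procedure leaves no vulnerability,
    so it contributes nothing. Assumed rule (not in the claims): a threat
    only realises a failure's risk when it is both likely and able to
    exploit it, so the per-threat level is min(likelihood, correlation),
    and the procedure's level is the worst per-threat level."""
    results: Dict[str, dict] = {}
    for proc in procedures:
        if proc.passed:
            continue
        per_threat: Dict[str, str] = {}
        for threat, correlation in proc.threat_correlation.items():
            # A threat with no score in step c) is treated as negligible.
            likelihood = threat_scores.get(threat, "negligible")
            per_threat[threat] = LEVELS[min(RANK[likelihood], RANK[correlation])]
        overall = max(per_threat.values(), key=RANK.__getitem__,
                      default="negligible")
        results[proc.proc_id] = {
            "requirement": proc.requirement,
            "risk": overall,
            "per_threat": per_threat,
        }
    return results


def rank_findings(results: Dict[str, dict]) -> List[Tuple[str, str]]:
    """Order failed procedures highest risk first for the certification report."""
    return sorted(((pid, r["risk"]) for pid, r in results.items()),
                  key=lambda item: -RANK[item[1]])


# Constructed sample input (not from the patent): step c) likelihood scores.
THREAT_SCORES = {
    "insider misuse": "high",
    "external network attack": "medium",
    "natural disaster": "low",
}

# Constructed sample procedures with constructed step e) outcomes.
PROCEDURES = [
    TestProcedure("P-01", "Dormant accounts disabled within 30 days",
                  {"insider misuse": "high", "external network attack": "low"},
                  passed=False),
    TestProcedure("P-02", "Backup media stored off-site",
                  {"natural disaster": "high"}, passed=False),
    TestProcedure("P-03", "Audit logging enabled on all servers",
                  {"insider misuse": "high"}, passed=True),
    TestProcedure("P-04", "Perimeter firewall denies inbound by default",
                  {"external network attack": "high", "insider misuse": "low"},
                  passed=False),
]

if __name__ == "__main__":
    findings = assess_risk(THREAT_SCORES, PROCEDURES)
    for pid, level in rank_findings(findings):
        print(f"{pid}: {level:10s} {findings[pid]['requirement']}")
```

On the sample input, P-01 fails a control whose failure a highly rated insider threat is highly able to exploit, so it ranks high; P-04's failure is most exploitable by the external threat, whose likelihood is only medium, so it ranks medium; P-02's failure matters only to a threat scored low, so it ranks low; P-03 passed and is absent from the findings. Replacing the min/max rule with a lookup matrix is the obvious variation if an organisation's own risk scale is not ordinal.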