
System, method and medium for certifying and accrediting requirements compliance

  • US 20020069035A1
  • Filed: 02/28/2001
  • Published: 06/06/2002
  • Est. Priority Date: 08/09/2000
  • Status: Active Grant
First Claim

1. A computer-assisted method of assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the method comprising the steps of:

    a) collecting information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the system operates;

    b) selecting at least one predefined standard, regulation and/or requirement with which the system is to comply;

    c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the target system;

    d) selecting at least one test procedure against which the system is tested to satisfy the at least one predefined standard, regulation and/or requirement;

    e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and

    f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more given threats to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each score generated in said step c) with a corresponding threat correlation indication of said step f) (1).

  • 6 Assignments