Risk assessment method
Abstract
A risk assessment method for executing a risk assessment based on a security policy and the configuration of a current information system. An external API interface converts the security policy, a current system, and information asset data into a data format intended for risk assessment. A risk assessment program executes a risk assessment based on the security policy and the current system. Controls are also selected as appropriate. Depending on the result of the selection, modifications are also made to the security policy etc. The modified data is controls data. This data is used to perform a security simulation. The simulation result reflects the controls adopted by the risk assessment. Consequently, the simulation result obtained takes account of the result of the risk assessment.
8 Claims
1. A risk assessment method comprising:
a first conversion step of converting a security policy and information-system-related information into a first data format based on a predetermined application programming interface, said first data format being a data format intended for risk assessment; and
a risk assessment step of executing a risk assessment based on said security policy and information-system-related information converted.
(Dependent claims: 2, 3, 4)
5. A program for making a computer execute a first conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for risk assessment based on a predetermined application programming interface.
6. A program for making a computer execute a second conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for security policy construction based on a predetermined application programming interface.
7. A computer program product comprising a computer usable medium having computer readable code thereon, including program code for making a computer, execute a first conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for risk assessment based on a predetermined application programming interface.
8. A computer program product comprising a computer usable medium having computer readable code thereon, including program code for making a computer, execute a first conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for risk assessment based on a predetermined application programming interface.
Specification