Risk assessment method

US 20030093696A1
Filed: 09/23/2002
Published: 05/15/2003
Est. Priority Date: 11/09/2001
Status: Abandoned Application

First Claim

Patent Images

1. A risk assessment method comprising:

a first conversion step of converting a security policy and information-system-related information into a first data format based on a predetermined application programming interface, said first data format being a data format intended for risk assessment; and

a risk assessment step of executing a risk assessment based on said security policy and information-system-related information converted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A risk assessment method for executing a risk assessment based on a security policy and the configuration of a current information system. An external API interface converts the security policy, a current system, and information asset data into a data format intended for risk assessment. A risk assessment program executes a risk assessment based on the security policy and the current system. Controls are also selected as appropriate. Depending on the result of the selection, modifications are also made to the security policy etc. The modified data is controls data. This data is used to perform a security simulation. The simulation result reflects the controls adopted by the risk assessment. Consequently, the simulation result obtained takes account of the result of the risk assessment.

Citations

8 Claims

1. A risk assessment method comprising:
- a first conversion step of converting a security policy and information-system-related information into a first data format based on a predetermined application programming interface, said first data format being a data format intended for risk assessment; and
  
  a risk assessment step of executing a risk assessment based on said security policy and information-system-related information converted.
- View Dependent Claims (2, 3, 4)
- - 2. The risk assessment method according to claim 1, further comprising:
    - a modification step of modifying either one or both of said security policy and said information-system-related information based on the result of assessment at said risk assessment step;
      
      a second conversion step of converting either one or both of said security policy and said information-system-related information modified at said modification step into a second data format based on said application programming interface, said second data format being a data format intended for security policy construction; and
      
      a simulation step of performing a simulation as to security based on said security policy and information-system-related information in said second data format.
  - 3. The risk assessment method according to claim 2, wherein said simulation at said simulation step checks if security is provided.
  - 4. A security policy construction method including the risk assessment method according to claim 2, further comprising a security policy construction step of constructing said security policy reflecting a result of said simulation.

5. A program for making a computer execute a first conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for risk assessment based on a predetermined application programming interface.

6. A program for making a computer execute a second conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for security policy construction based on a predetermined application programming interface.

7. A computer program product comprising a computer usable medium having computer readable code thereon, including program code for making a computer, execute a first conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for risk assessment based on a predetermined application programming interface.

8. A computer program product comprising a computer usable medium having computer readable code thereon, including program code for making a computer, execute a first conversion step of converting either one or both of a security policy and information-system-related information into a data format intended for risk assessment based on a predetermined application programming interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Asgent, Inc.
Original Assignee
Asgent, Inc.
Inventors
Sugimoto, Takahiro

Application Number

US10/251,793
Publication Number

US 20030093696A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06Q 40/08 Insurance

Risk assessment method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Risk assessment method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links