Automated security management

US 20030154393A1
Filed: 02/12/2002
Published: 08/14/2003
Est. Priority Date: 02/12/2002
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing risk related to a security risk event, the method comprising:

receiving information relating to a security risk event;

structuring the information received according to risk variables; and

calculating a security level using the structured information and a set of relationships established between the risk variables.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized method and system for managing security risk, where risk associated with a breach of security is analyzed and quantified according to weighted risk variables. The analysis is accomplished by a computerized security risk management system that receives information relating to physical, informational, communication and surveillance risk, and structures the information such that it can be related to risk variables and a security risk level can be calculated according to a relevance of associated risk variables. The security risk level can be indicative of a likelihood that a breach of security may occur relating to a particular transaction or facility. Similarly, a security confidence level can be indicative of how secure a particular facility or practice is and a security maintenance level can be indicative of a level of security that should be maintained in relation to an analyzed subject.

131 Citations

28 Claims

1. A computer-implemented method for managing risk related to a security risk event, the method comprising:
- receiving information relating to a security risk event;
  
  structuring the information received according to risk variables; and
  
  calculating a security level using the structured information and a set of relationships established between the risk variables.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1 wherein the security level comprises an indication of an amount of risk that a breach of security may occur relating to the security risk event.
  - 3. The method of claim 1 wherein the security level comprises a security confidence level indicative of how secure a particular facility can be made relative to a particular security risk event.
  - 4. The method of claim 1 wherein the security level comprises a security confidence level can be indicative of how secure a particular practice can be made relative to a particular security risk event.
  - 5. The method of claim 1 wherein the security level comprises a security maintenance level indicative of a level of security that should be maintained in relation to an analyzed security risk event.
  - 6. The method of claim 1 additionally comprising the step of:
    - generating a suggested security measure according to the security level and structured information.
  - 7. The method of claim 6 additionally comprising the step of:
    - storing the information received, the security level and the suggested security measure.
  - 8. The method of claim 6 additionally comprising the step of:
    - receiving information relating to security measures executed; and
      
      generating a security diligence report.
  - 9. The method of claim 8 wherein the security diligence report comprises inquiries made relating to the security risk event and security measures executed responsive to the security level.
  - 10. The method of claim 6 wherein the suggested security measure comprises physical protection of media containing information relating to the transaction.
  - 11. The method of claim 1 wherein the suggested security measure comprises physical protection of a facility associated with the security risk.
  - 12. The method of claim 1 wherein the wherein the suggested security measure comprises physical protection of a building associated with a business transaction.
  - 13. The method of claim 1 wherein the suggested action comprises notifying an authority regarding potential breach of security.
  - 14. The method of claim 6 additionally comprising the step of:
    - branding the suggested security measure according to the set of relationships between the risk variables.
  - 15. The method of claim 1 wherein level of analysis utilized in the calculation of the security level is rated according to a classification.
  - 16. The method of claim 1 wherein the calculation comprises a level of weighting associated with a category of risk variables.
  - 17. The method of claim 1 wherein the calculation comprises aggregating multiple weightings of risk variables.
  - 18. The method of claim 1 wherein the calculation comprises a relationship algorithm that determines which variables effect other variables.
  - 19. The method of claim 1 wherein the calculation includes a relationship algorithm comprising how data comprising a first variable can effect a weighting for a second variable.
  - 20. The method of claim 1 additionally comprising the step of:
    - recalculating the security level responsive to new information received.
  - 21. The method of claim 1 additionally comprising the step of:
    - recalculating the security level responsive to progression of a chronology of e vents.

22. A computerized system for managing risk related to a security risk event, the system comprising:
- a computer server accessible with a system access device via a communications network; and
  
  executable software stored on the server and executable on demand, the software operative with the server to cause the system to;
  
  receive in formation relating to a security risk event;
  
  structure the information received according to risk variables; and
  
  calculate a security level using the structured information and a set of relationships established between the risk variables.
- View Dependent Claims (23)
- - 23. The computerized system of claim 22 wherein the data is gathered via an electronic feed

24. Computer executable program code residing on a computer-readable medium, the program code comprising instructions for causing the computer to:
- receive information relating to a security risk event;
  
  structure the information received according to risk variables; and
  
  calculate a security level using the structured information and a set of relationships established between the risk variables.

25. A computer data signal embodied in a digital data stream comprising data relating to risk management, wherein the computer data signal is generated by a method comprising the steps of:
- receiving information relating to a security risk event;
  
  structuring the information received according to risk variables; and
  
  calculating a security level using the structured information and a set of relationships established between the risk variables.

26. A method of interacting with a network access device so as to manage risk relating to a risk subject, the method comprising the steps of:
- initiating interaction with a security risk management server via a communications network;
  
  inputting information descriptive of a security risk event;
  
  transmitting the information descriptive of security risk event to a security risk management server; and
  
  receiving a security level calculated using the information descriptive of a security risk event and a set of relationships established between risk variables associated with the information descriptive of a security risk event.
- View Dependent Claims (28)
- - 28. The method of claim 26 additionally comprising the step of receiving a suggested security measure according to the security level and structured information.

27. The method of claim 35 wherein the risk event is a financial transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Goldman Sachs & Co. LLC (Goldman Sachs Group Incorporated)
Original Assignee
Goldman Sachs & Company (Goldman Sachs Group Incorporated)
Inventors
Young, Carl

Granted Patent

US 7,287,280 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/10   Office automation; Time man...

G06Q 30/02   Marketing; Price estimation...

H04L 63/1433   Vulnerability analysis

Automated security management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

131 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Automated security management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others