Security maturity assessment method
3 Assignments
0 Petitions
Abstract
A method for assessing an information security policy and practice of an organization, including determining a risk associated with the information security policy and practice, collecting information about the information security policy and practice, generating a rating using a security maturity assessment matrix, the collected information, and the risk associated with the information security policy and practice, generating a list of corrective actions using the rating, executing the list of corrective actions to create a new security information policy and practice, and monitoring the new security information policy and practice.
192 Citations
19 Claims
1. A method for assessing an information security policy and practice of an organization, comprising:
determining a risk associated with the information security policy and practice;
collecting information about the information security policy and practice;
generating a rating using a security maturity assessment matrix, the collected information, and the risk associated with the information security policy and practice;
generating a list of corrective actions using the rating;
executing the list of corrective actions to create a new security information policy and practice; and
monitoring the new security information policy and practice. (Dependent claims 2 through 15 omitted.)
16. An apparatus for assessing an information security policy and practice of an organization, comprising:
means for determining a risk associated with the information security policy and practice;
means for collecting information about the information security policy and practice;
means for generating a rating using a security maturity assessment matrix, the collected information, and the risk associated with the information security policy and practice;
means for generating a list of corrective actions using the rating;
means for executing the list of corrective actions to create a new security information policy; and
means for monitoring the new security information policy. (Dependent claim 17 omitted.)
18. A computer system for assessing an information security policy and practice of an organization, comprising:
a processor;
a memory;
an input means; and
software instructions stored in the memory for enabling the computer system, under control of the processor, to perform:
determining a risk associated with the information security policy and practice;
collecting information about the information security policy and practice using the input means;
generating a rating using a security maturity assessment matrix, the collected information, and the risk associated with the information security policy and practice;
generating a list of corrective actions using the rating;
executing the list of corrective actions to create a new security information policy and practice; and
monitoring the new security information policy and practice. (Dependent claim 19 omitted.)
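The six steps claimed above (determine risk, collect information, rate against a maturity matrix, derive corrective actions, execute them, monitor the result) are a procedure, so here is an added worked example of one way to implement them. This is illustrative code written for this page, not the patent's own matrix or method: the 0 to 5 maturity scale, the risk-to-target mapping in TARGET_BY_RISK, the risk-weighted rating formula, and the sample assessment data are all assumptions made for the example, since the claims fix none of them.

```python
"""Risk-weighted security maturity rating: an added example, not the patent's method."""
from dataclasses import dataclass, replace

# Maturity scale assumed for this example (the claims fix no scale).
MAX_LEVEL = 5


@dataclass(frozen=True)
class Practice:
    name: str
    risk: int       # 1 (low) .. 5 (critical): output of the risk-determination step
    maturity: int   # 0 .. MAX_LEVEL: observed level from the collected information


# Assumed maturity matrix: minimum acceptable maturity for each risk level.
# Higher-risk practices must reach higher maturity to be acceptable.
TARGET_BY_RISK = {1: 1, 2: 2, 3: 3, 4: 4, 5: 5}


def rate(practices):
    """Risk-weighted maturity rating, 0..100.

    Each practice contributes risk * maturity out of a possible
    risk * MAX_LEVEL, so a critical practice left immature pulls the
    rating down far more than a low-risk one does.
    """
    possible = MAX_LEVEL * sum(p.risk for p in practices)
    earned = sum(p.risk * p.maturity for p in practices)
    return round(100 * earned / possible, 1)


def corrective_actions(practices):
    """Return (practice, current level, target level) for every practice
    below its matrix target, largest risk-weighted gap first."""
    gaps = []
    for p in practices:
        target = TARGET_BY_RISK[p.risk]
        if p.maturity < target:
            gaps.append((p.risk * (target - p.maturity), p.name, p.maturity, target))
    gaps.sort(reverse=True)
    return [(name, current, target) for _, name, current, target in gaps]


def execute(practices, actions):
    """Simulate executing the corrective actions: each named practice is
    raised to its target, yielding the new policy-and-practice set."""
    targets = {name: target for name, _, target in actions}
    return [replace(p, maturity=targets.get(p.name, p.maturity)) for p in practices]


def monitor(practices, threshold):
    """Monitoring step: report whether the rating meets the threshold with
    no practice below target, plus the names of any that regressed."""
    regressions = [p.name for p in practices if p.maturity < TARGET_BY_RISK[p.risk]]
    return rate(practices) >= threshold and not regressions, regressions


# Constructed sample assessment (hypothetical organization, not real data).
ASSESSMENT = [
    Practice("patch management", risk=5, maturity=2),
    Practice("access control", risk=4, maturity=4),
    Practice("backup and recovery", risk=3, maturity=1),
    Practice("security awareness training", risk=2, maturity=3),
]

if __name__ == "__main__":
    print("initial rating:", rate(ASSESSMENT))
    actions = corrective_actions(ASSESSMENT)
    for name, current, target in actions:
        print(f"  raise {name!r} from level {current} to {target}")
    improved = execute(ASSESSMENT, actions)
    print("rating after corrective actions:", rate(improved))
    print("monitoring (threshold 75):", monitor(improved, 75))
```

The ordering of corrective actions by risk times gap is what makes the list actionable: with a fixed remediation budget, the critical practice three levels short comes before the moderate one two levels short. The monitor step re-checks per-practice targets rather than only the aggregate rating, because a strong overall score can hide a single critical practice that has regressed.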
Specification