Method and system for cyber-security vulnerability detection and compliance measurement (CDCM)
First Claim
1. A Cyber-Security Vulnerability Detection and Compliance Measurement (CDCM) system comprising:
- a set of one through “n” functions or sub-functions each which addresses an operational topic, capability or activity which is either required or desired to be performed in the accomplishment of the mission, task or objective of an organization, entity or individual, where the functions and/or sub-functions by analytical representations either simulates or emulates one or more, or a group of, operational topics, capabilities or activities in the context of a cyber-crime attack, cyber-terror attack or other man-made or natural disaster;
- one or more input modules or functions that accept user defined actual or desired operational parameters for each function and/or sub-function;
- one or more input modules or functions that accept user defined sensitivity study parameters for various functions and/or sub-functions;
- one or more analytical models which translate operational topics, capabilities or activities into dollar definitive representations and transcend the incompatibility of mapping an operational environment into a financial model, a performance model, a compliance model, and related system measurement model configurations which are required to provide measurement results which are representative of, and definitive of, the system and entity, organization or individual which is being measured;
- one or more output modules or functions which provide definitive representations of performance and compliance of the system and entity, organization or individual based upon the user defined actual or desired operational parameters for each functions and/or sub-functions as against a defined standard or as a raw non-standardized value;
- one or more output modules or functions which provide definitive representations of the vulnerabilities and weaknesses which were observed in the system and entity, organization or individual based upon the user defined actual or desired operational parameters for each functions and/or sub-functions;
- one or more output modules or functions which provide the capabilities to report and to archive the definitive and/or parametric results of the various measurements and definitive results provided by these models and processing activities; and
- one or more output modules or functions which provide definitive representations of the intermediate and local function and/or sub-function performance parameters and the ability to report and to archive such values and parameters.
Abstract
Method and System for Cyber-Security Vulnerability Detection and Compliance Measurement (CDCM) provides any entity, organization or individual with access to or possession of sensitive, confidential or secret information, defined as “protected information,” in digital format that is received, processed, stored or distributed by a computer, computer system or digital processing equipment with the capability to detect and respond to cyber security vulnerabilities and to measure compliance with cyber-security requirements as established by the Federal Security Information Management Act (FISMA) for the security of protected information and certain additional related desirable or mandatory cyber-security requirements. In one sample embodiment of the invention, the method utilizes a damage assessment function; a security assessment function; a security plan or planning function; a training management function; a response management function; a cyber-security management function; a scoring measurement function; and a review and analysis function; to establish a quantifiable and definitive numerical measurement of the relative compliance of a specific processing system, at a specific point in time, to a defined and established threshold value of performance, or compliance acceptance, and to provide, assemble and be capable of archiving the supporting parameters, status, states and analysis that is specifically associated with the numerical value which represents the specific processing system's state of compliance at the specified time and to utilize various intermediate values and parameters to manage and enhance the performance of the specific system thereby improving the system's compliance score and numerical performance measurement value.
127 Citations
4 Claims
Specification