Risk control system

US 20060136327A1
Filed: 07/01/2003
Published: 06/22/2006
Est. Priority Date: 04/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for assessing risk within an organization, comprising:

defining one or more zones, each of said one and more zones comprising an environment;

identifying one or more assets of said organization, each of said assets being located in a respective one of said zones;

conducting a respective impact assessment for each of said assers, each assessment comprising assessing the impact of the loss of said respective asset;

conducting for each of said zones a respective zone risk assessment, comprising assessing the risk level associated with placing a respective asset within said respective corresponding zone;

conducting for each asset a respective asset risk assessment, comprising assessing the risk level associated with said respective asset independent of the respective zone of saud respective asset; and

assessing risk on the basis of at least said impact assessment, said zone risk assessment and said asset risk assessments.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method for assessing risk within an organization, comprising: defining one or more zones (2), each of the one or more zones comprising an environment; identifying one or more assets (4) of the organization, each of the assets being located in a respective one of the zones; conducting a respective impact assessment (6) for each of the assets, each assessment comprising assessing the impact of the loss of the respective asset; conducting for each of the zones a respective zone risk assessment (8a), comprising assessing the risk level associated with placing a respective asset within the respective corresponding zone; and conducting for each asset a respective asset risk assessment (8b), comprising assessing the risk level associated with the respective asset independent of the respective zone of the respective asset; and assessing risk on the basis of at least the impact assessment, the zone risk assessments and the asset risk assessments. The invention also provides a risk management method, comprising assessing risk according to the method described above and managing said risk.

79 Citations

View as Search Results

26 Claims

1. A method for assessing risk within an organization, comprising:
- defining one or more zones, each of said one and more zones comprising an environment;
  
  identifying one or more assets of said organization, each of said assets being located in a respective one of said zones;
  
  conducting a respective impact assessment for each of said assers, each assessment comprising assessing the impact of the loss of said respective asset;
  
  conducting for each of said zones a respective zone risk assessment, comprising assessing the risk level associated with placing a respective asset within said respective corresponding zone;
  
  conducting for each asset a respective asset risk assessment, comprising assessing the risk level associated with said respective asset independent of the respective zone of saud respective asset; and
  
  assessing risk on the basis of at least said impact assessment, said zone risk assessment and said asset risk assessments.
- View Dependent Claims (2, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 24, 25, 26)
- - 2. A method as claimed in claim 1, including identifying one or more asset custodians, each comprising a custodian of a respective asset, and identifying one or more of said assets. pcm 3. A method as claimed in claim 2, wherein each of said custodians is an employee with care-taking responsibilities.
  - 4. A method as claimed in claim 1, including maintaining a register of said assets. cm 5. A method as claimed in claim 4, wherein said register includes a respective owner of each of said assets.
  - 6. A method as claimed in claim 1, including maintaining a register of said zones.
  - 7. A method as claimed in claim 6, wherein said register includes a respective custodian of each of said zones.
  - 8. A method as claimed in claim 1, wherein each of said assets is information related.
  - 9. A method as claimed in claim 2, wherein each of said assets is information related, and each of said asset custodians is an information custodian, each comprising a custodian of a respective information storage device within said organization.
  - 10. A method as claimed in claim 9, including defining at least four types of custodians:
    - 1) physical and environment custodians,
      
           2) network custodians,
      
           3) software engineering custodians, and
      
           4) MIS support custodians.
  - 11. A method as claimed in claim 2, wherein each of said respective zone assessments is conducted by the respective custodian of said respective zone.
  - 12. A method as claimed in claim 2, wherein each of said respective asset assessments is conducted by the respective owner of said respective asset.
  - 13. A method as claimed in claim 1, including regarding the loss of an asset as equivalent to the loss of a system of which said asset is a part.
  - 14. A method as claimed in claim 1, including determining a measured risk for each asset, said measured risk for a respective asset comprising the product of 1) an impact level determined in said impact assessment and 2) the maximum of an asset risk determined in said asset risk assessment and an asset risk determined in said zone risk assessment.
  - 15. A method as claimed in claim 2, wherein none of said custodians is an owner.
  - 24. A risk management method, comprising:
    - assessing risk according to the method of claim 1;
      
      and managing said risk.
  - 25. A method as claimed in claim 24, wherein said managing of said risk comprises:
    - determining the distribution of the number of assets as a function of associated measured risk;
      
      determining a maximum acceptable risk level; and
      
      applying one or more controls if any of said assets exceeds said maximum acceptable risk level.
  - 26. A method as claimed in claim 24, wherein said acceptable risk level comprises the lower of the highest available measured risk or 100%.

16. An apparatus for assessing risk within an organization, comprising:
- data input means for inputting asset information into a register of assets, each of said assets being an asset of said organization, each of said assets being located in a respective zone;
  
  data storage for storing said register of assets, including for each of said assets said respective zone;
  
  means for receiving or storing a respective zone risk assessment for each of said zones, said respective zone risk assessment comprising an assessment of the risk level associated with placing a respective asset within said respective corresponding zone;
  
  means for receiving or storing a respective asset risk assessment for each asset, said respective asset risk assessment comprising an assessment of the risk level associated with said respective asset independent of the respective zone of said respective asset;
  
  means for receiving or storing a respective impact assessment for each of said assets, each assessment comprising assessing the impact of the loss of said respective asset, and for assessing risk on the basis of at least said impact assessment, said zone risk assessments and said asset risk assessments to thereby form a risk assessment; and
  
  output means for outputting said risk assessment.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. An apparatus as claimed in claim 16, wherein said apparatus is operable to associate with each of said assets an asset custodian, each comprising a custodian of a respective asset, and to associate with each of said assets at least one asset owner, each comprising an owner of a respective one or more of said assets.
  - 18. An apparatus as claimed in claim 16, wherein said register of assets includes a respective owner of each of said assets.
  - 19. An apparatus as claimed in claim 16, wherein said apparatus includes data storage for storing a register of said zones.
  - 20. An apparatus as claimed in claim 19, wherein said zone register includes data for associating a respective custodian with each of said zones.
  - 21. An apparatus as claimed in claim 16, wherein each of said assets is information related.
  - 22. An apparatus as claimed in claim 16, wherein said apparatus is operable to treat the loss of an asset as equivalent to the loss of a system of which said asset is a part.
  - 23. An apparatus as claimed in claim 16, wherein said apparatus is operable to determine a measured risk for each asset, said measured risk for a respective asset comprising the product of 1) an impact level determined in said impact assessment and 2) the maximum of an asset risk determined in said asset risk assessment and an asset risk determined in said zone risk assessment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cheng Hwee You
Original Assignee
Cheng Hwee You
Inventors
You, Cheng Hwee

Application Number

US10/550,617
Publication Number

US 20060136327A1
Time in Patent Office

Days
Field of Search
US Class Current

705/38
CPC Class Codes

G06Q 40/03 Credit; Loans; Processing t...

G06Q 40/08 Insurance

Risk control system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Risk control system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links