Enterprise integrity modeling

US 20070100643A1
Filed: 10/07/2005
Published: 05/03/2007
Est. Priority Date: 10/07/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer program product, tangibly embodied in an information carrier, for a knowledge processing system, the computer program product being operable to cause data processing apparatus to:

receive asset data representing a set of assets, the asset data including a respective value for each asset in the set of assets having a value;

receive threat data representing a set of threats;

each threat in the set of threats potentially reducing the value of one or more of the assets in the set of assets;

receive measures data representing a set of measures;

each measure in the set of measures protecting the value of one or more assets from one or more threats;

receive assessment data representing one or more assessments;

each assessment rating one or more measures; and

calculate an implementation level for each measure based upon the assessment data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, for risk assessment and analysis In one general aspect, asset data representing a set of assets is received, the asset data includes a respective value for each asset in the set of assets having a value. Threat data representing a set of threats is received; each threat in the set of threats potentially reduces the value of one or more of the assets in the set of assets. Measures data representing a set of measures is received; each measure in the set of measures protects the value of one or more assets from one or more threats. Assessment data representing one or more assessments is received; each assessment rates one or more measures. An implementation level for each measure is calculated based upon the assessment data.

Citations

20 Claims

1. A computer program product, tangibly embodied in an information carrier, for a knowledge processing system, the computer program product being operable to cause data processing apparatus to:
- receive asset data representing a set of assets, the asset data including a respective value for each asset in the set of assets having a value;
  
  receive threat data representing a set of threats;
  
  each threat in the set of threats potentially reducing the value of one or more of the assets in the set of assets;
  
  receive measures data representing a set of measures;
  
  each measure in the set of measures protecting the value of one or more assets from one or more threats;
  
  receive assessment data representing one or more assessments;
  
  each assessment rating one or more measures; and
  
  calculate an implementation level for each measure based upon the assessment data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer program product of claim 1, the computer program product being further operable to cause data processing apparatus to:
    - calculate a potential reduction of risk of one or more assets due to the implementation level of each measure.
  - 3. The computer program product of claim 1, the computer program product being further operable to cause data processing apparatus to:
    - generate a report, the report including one or more of the status of each asset or group of assets, the status of each threat or group of threats, the status of each measure or group of measures, or the implementation level for each measure or group of measures; and
      
      display the report to one or more individuals.
  - 4. The computer program product of claim 1, wherein each assessment includes three ratings:
    - knowledge, readiness, and penetration.
  - 5. The computer program product of claim 1, wherein the assessment is received from e an interview form, the interview form including one or more questions about each measure.
  - 6. The computer program product of claim 5, wherein the interview form is completed by an individual with knowledge of one or more measures.
  - 7. The computer program product of claim 6, wherein the interview form presented to the individual only includes questions relating to the one or more measures knowledgeable to the individual.
  - 8. The computer program product of claim 6, wherein the individual responds to the questions included on the interview form by selecting a color code representing the individual'"'"'s response.
  - 9. The computer program product of claim 8, wherein the color code includes the following colors, each color being associated with a numerical rating:
    - red, indicating a low rating of the measure by the individual;
      
      yellow, indicating a medium rating of the measure by the individual;
      
      green, indicating a high rating of the measure by the individual, white, indicating that the rating of the measure is unknown by the individual, and black, indicating that the measure is not applicable to the individual.
  - 10. The computer program product of claim 1, wherein the assessment is automatically received from a incident reporting system.

11. A computer-implemented method comprising:
- receiving asset data representing a set of assets, the asset data including a respective value for each asset in the set of assets having a value;
  
  receiving threat data representing a set of threats;
  
  each threat in the set of threats potentially reducing the value of one or more of the assets in the set of assets;
  
  receiving measures data representing a set of measures;
  
  each measure in the set of measures protecting the value of one or more assets from one or more threats;
  
  receiving assessment data representing one or more assessments;
  
  each assessment rating one or more measures; and
  
  calculating an implementation level for each measure based upon the assessment data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, further comprising:
    - calculating a potential reduction of risk of one or more assets due to the implementation level of each measure.
  - 13. The method of claim 11, further comprising:
    - generating a report, the report including one or more of the status of each asset or group of assets, the status of each threat or group of threats, the status of each measure or group of measures, or the implementation level for each measure or group of measures; and
      
      displaying the report to one or more individuals.
  - 14. The method of claim 11, wherein each assessment includes three ratings:
    - knowledge, readiness, and penetration.
  - 15. The method of claim 11, wherein the assessment is automatically received from a incident reporting system.

16. A system comprising:
- means for receiving asset data representing a set of assets, the asset data including a respective value for each asset in the set of assets having a value;
  
  means for receiving threat data representing a set of threats;
  
  each threat in the set of threats potentially reducing the value of one or more of the assets in the set of assets;
  
  means for receiving measures data representing a set of measures;
  
  each measure in the set of measures protecting the value of one or more assets from one or more threats;
  
  means for receiving assessment data representing one or more assessments;
  
  each assessment rating one or more measures; and
  
  means for calculating an implementation level for each measure based upon the assessment data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, further comprising:
    - means for calculating a potential reduction of risk of one or more assets due to the implementation level of each measure.
  - 18. The system of claim 16, further comprising:
    - means for generating a report, the report including one or more of the status of each asset or group of assets, the status of each threat or group of threats, the status of each measure or group of measures, or the implementation level for each measure or group of measures; and
      
      means for displaying the report to one or more individuals.
  - 19. The system of claim 16, wherein each assessment includes three ratings:
    - knowledge, readiness, and penetration.
  - 20. The system of claim 16, wherein the assessment is automatically received from a incident reporting system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP AG (SAP SE)
Original Assignee
SAP AG (SAP SE)
Inventors
Wagner, Guido, Paulus, Sachar

Application Number

US11/246,559
Publication Number

US 20070100643A1
Time in Patent Office

Days
Field of Search
US Class Current

705/35
CPC Class Codes

G06Q 10/067   Enterprise or organisation ...

G06Q 40/00   Finance; Insurance; Tax str...

G06Q 99/00   Subject matter not provided...

Enterprise integrity modeling

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise integrity modeling

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links