System, method and medium for certifying and accrediting requirements compliance
DCFirst Claim
1. A computer-assisted method of assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the method comprising the steps of:
- a) collecting information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the target system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the target system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the target system;
d) selecting at least one test procedure against which the target system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more threat elements to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each score generated in said step c) with a corresponding threat correlation indication of said step f) (1).
6 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method can utilize the steps of: 1) gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.
381 Citations
61 Claims
-
1. A computer-assisted method of assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the method comprising the steps of:
-
a) collecting information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the target system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the target system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the target system;
d) selecting at least one test procedure against which the target system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more threat elements to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each score generated in said step c) with a corresponding threat correlation indication of said step f) (1). - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A general purpose computing system for implementing a method for assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the general purpose computing system interacting with a user to implement the method comprising the steps of:
-
a) collecting and/or receiving information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the target system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the target system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat element affecting and/or impacting the target system;
d) selecting at least one test procedure against which the target system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more threat elements to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each score generated in said step c) with a corresponding threat correlation indication of said step f) (1). - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A computer program medium storing computer instructions therein for instructing a computer to perform a computer-implemented and user assisted process for assessing the risk of and/or determining the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement, the target system including hardware and/or software, the program medium comprising:
-
a recording medium readable by the computer; and
the computer instructions stored on said recording medium instructing the computer to perform the computer-implemented and user assisted process, the instructions including;
a) collecting and/or receiving information descriptive of at least one aspect of the target system hardware and/or software, and/or a physical environment in which the target system operates;
b) selecting at least one predefined standard, regulation and/or requirement with which the target system is to comply;
c) generating a score for each of a plurality of threat elements, each score indicating a likelihood of that threat elements affecting and/or impacting the target system;
d) selecting at least one test procedure against which the target system is tested to satisfy the at least one predefined standard, regulation and/or requirement;
e) performing the steps associated with said at least one test procedure in said step d) to determine whether the target system passes or fails said at least one test procedure; and
f) (1) obtaining a threat correlation indication associated with said at least one test procedure, wherein said threat correlation indication indicates a relative potential of one or more threat elements to exploit a vulnerability caused by a failure of said at least one test procedure, and (2) determining a risk assessment by comparing each threat element generated in said step c) with said threat correlation indication of said step f) (1). - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61)
-
Specification