Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing robust risk assessment model
6 Assignments
0 Petitions
Abstract
A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes providing one or more test requirements categories, associating one or more first data elements with each requirements category, associating one or more second data elements with a degree of exposure of the target system to the one or more threats, comparing the first data elements to the second data elements to determine, based on predetermined rules, composite data elements for each requirements category; and selecting, based upon predetermined rules, a level of risk of the composite data elements as a baseline risk level for each requirements category.
367 Citations
71 Claims
1. A method, comprising:
- associating at least one first data element uniquely with at least one requirement category, each first data element from the at least one first data element representing a potential of a vulnerability that could be used to exploit a target system;
- associating at least one second data element uniquely with a degree of exposure of the target system to a threat associated with the vulnerability of the target system;
- comparing the at least one first data element to the at least one second data element;
- determining, based on predetermined rules, at least one composite data element for each requirement category from the at least one requirement category; and
- determining a baseline risk level for each requirement category from the at least one requirement category, the baseline risk level for each requirement category being based on a level of risk of the composite data element associated with that requirement category.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A system, comprising:
- at least one data repository configured to store at least one requirement category and information about potential vulnerabilities, the at least one data repository being further configured to store predetermined rules configured to be used in determining risk levels;
- a processor in communication with the at least one data repository, the processor configured to associate at least one first data element uniquely with the at least one requirement category, each first data element from the at least one first data element representing a potential of a vulnerability that could be used to exploit a target system, the processor being configured to associate at least one second data element uniquely with a degree of exposure of the target system to a threat associated with the vulnerability of the target system, the processor being configured to compare the at least one first data element to the at least one second data element, the processor being configured to determine, based on predetermined rules, at least one composite data element for each requirement category from the at least one requirement category, the processor being further configured to determine a baseline risk level for each requirement category from the at least one requirement category, the baseline risk level for each requirement category being based on a level of risk of the composite data element associated with that requirement category.

Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48

49. A processor-readable medium comprising code representing instructions to cause a processor to:
- associate at least one first data element uniquely with at least one requirement category, each first data element from the at least one first data element representing a potential of a vulnerability that could be used to exploit a target system;
- associate at least one second data element uniquely with the vulnerability of the target system;
- compare the at least one first data element to the at least one second data element;
- determine, based on predetermined rules, at least one composite data element for each requirement category from the at least one requirement category; and
- determine a baseline risk level for each requirement category from the at least one requirement category, the baseline risk level for each requirement category being based on a level of risk of the composite data element associated with that requirement category.

Dependent claims: 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69

70. A device, comprising:
- at least one memory area; and
- at least one processor, the processor being configured to associate at least one first data element uniquely with at least one requirement category, each first data element from the at least one first data element representing a potential of a vulnerability that could be used to exploit a target system, the processor being configured to associate at least one second data element uniquely with a degree of exposure of the target system to a threat associated with the vulnerability of the target system, the processor being configured to compare the at least one first data element to the at least one second data element, the processor being configured to determine, based on predetermined rules, at least one composite data element for each requirement category from the at least one requirement category, the processor being further configured to determine a baseline risk level for each requirement category from the at least one requirement category, the baseline risk level for each requirement category being based on a level of risk of the composite data element associated with that requirement category.

Dependent claims: 71

Specification