Assessing network security risk using best practices
First Claim
1. A method on a computer for assessing network security in a network topology using best practice templates (BPTs), comprising:
- providing a BPT catalog comprising a plurality of BPTs, wherein each BPT comprises a best practice (BP) that comprises:
  - an identification predicate returning identification results over a network-related object set having one or more objects and object values, and
  - an evaluation predicate returning a Boolean result of TRUE or FALSE or that can be evaluated to PASS or FAIL;
- identifying one or more targets for the assessment using the BP;
- for each target, evaluating compliance of the target using evaluation criteria that are a part of the BP evaluation predicate as PASS or FAIL;
- a processor of the computer determining a composite compliance result across all targets as being PASS if all targets evaluated to PASS; and
- displaying or storing the compliance result.
Abstract
A method and appertaining system for implementing the method are provided that utilize predefined Best Practice Templates that are rules/criteria for assessing the security of a particular network and devices on the network. A value is determined for each object and connection within a network as to whether it passes or fails one of the Best Practice criteria, and a pass ratio is determined for a particular Best Practice. Numerous Best Practice tests may be run, and an overall total value based on the collective sum of the Best Practice measurements is determined. This value can be utilized to provide a user with information that relates to the overall security of a network and can be used in compliance determinations and network architecture design.
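The abstract and claim 1 describe an evaluation engine rather than any particular rule set: each Best Practice (BP) pairs an identification predicate, which selects the objects of the network model it applies to, with an evaluation predicate that marks each selected target PASS or FAIL; the composite result for the BP is PASS only when every target passed, a pass ratio is recorded per BP, and the ratios are rolled up into an overall value. The following Python is an added illustration of that flow and is not code from the patent or its assignee. The object model (dictionaries with a `type` field), the three sample BPs, the inventory, the vacuous-PASS treatment of a BP that identifies no target, and the use of the mean pass ratio as the "overall total" are all constructed assumptions; the patent text does not fix a formula for the total.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

# A network-related object: a host, a firewall rule, a router, ... (assumed representation).
NetworkObject = Dict[str, Any]


@dataclass
class BestPractice:
    """One BP from the BPT catalog: an identification predicate plus an evaluation predicate."""
    name: str
    identify: Callable[[NetworkObject], bool]   # does this BP apply to the object?
    evaluate: Callable[[NetworkObject], bool]   # True -> PASS, False -> FAIL


@dataclass
class BPResult:
    """Outcome of one BP over the whole object set."""
    name: str
    per_target: Dict[str, str]   # object id -> "PASS" / "FAIL"
    composite: str               # "PASS" only if every identified target passed
    pass_ratio: float            # passed / identified (1.0 when nothing was identified, an assumption)


def assess(catalog: List[BestPractice], objects: List[NetworkObject]) -> List[BPResult]:
    """Run every BP in the catalog: identify targets, evaluate each, fold into a composite result."""
    results: List[BPResult] = []
    for bp in catalog:
        targets = [o for o in objects if bp.identify(o)]
        per_target = {o["id"]: ("PASS" if bp.evaluate(o) else "FAIL") for o in targets}
        passed = sum(1 for verdict in per_target.values() if verdict == "PASS")
        # Claim 1: composite is PASS if all targets evaluated to PASS (vacuously PASS with no targets).
        composite = "PASS" if passed == len(targets) else "FAIL"
        ratio = passed / len(targets) if targets else 1.0
        results.append(BPResult(bp.name, per_target, composite, ratio))
    return results


def overall_score(results: List[BPResult]) -> float:
    """Roll-up across BPs; the mean pass ratio is a constructed choice, not the patent's formula."""
    return sum(r.pass_ratio for r in results) / len(results) if results else 1.0


# Constructed BPT catalog: three illustrative best practices.
CATALOG = [
    BestPractice(
        "ssh-no-password-auth",
        identify=lambda o: o["type"] == "host" and "ssh" in o.get("services", ()),
        evaluate=lambda o: not o.get("ssh_password_auth", True),
    ),
    BestPractice(
        "no-mgmt-ports-from-any",
        identify=lambda o: o["type"] == "fw_rule" and o["src"] == "0.0.0.0/0",
        evaluate=lambda o: o["dst_port"] not in {22, 3389},
    ),
    BestPractice(
        "router-snmp-not-public",
        identify=lambda o: o["type"] == "router",
        evaluate=lambda o: o.get("snmp_community") != "public",
    ),
]

# Constructed inventory standing in for the network-related object set.
INVENTORY: List[NetworkObject] = [
    {"id": "h1", "type": "host", "services": ["ssh", "https"], "ssh_password_auth": False},
    {"id": "h2", "type": "host", "services": ["ssh"], "ssh_password_auth": True},
    {"id": "h3", "type": "host", "services": ["https"]},                 # no ssh: not a target
    {"id": "r1", "type": "fw_rule", "src": "0.0.0.0/0", "dst_port": 443},
    {"id": "r2", "type": "fw_rule", "src": "0.0.0.0/0", "dst_port": 22},
    {"id": "r3", "type": "fw_rule", "src": "10.0.0.0/8", "dst_port": 22},  # internal source: not a target
    {"id": "rt1", "type": "router", "snmp_community": "s3cret-ro"},
    {"id": "rt2", "type": "router", "snmp_community": "mgmt-ro"},
]


if __name__ == "__main__":
    report = assess(CATALOG, INVENTORY)
    for r in report:
        print(f"{r.name}: {r.composite} ratio={r.pass_ratio:.2f} targets={r.per_target}")
    print(f"overall: {overall_score(report):.3f}")
```

Keeping the identification predicate separate from the evaluation predicate is what makes the composite meaningful: `h3` and `r3` are never counted against the BPs that do not apply to them, so a FAIL composite always points at a real target, and the per-target map gives the remediation list directly.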
20 Claims
20. A system for assessing network security in a network topology using BPTs, comprising:
- a processor;
- a memory for storing algorithms that execute on the processor;
- a BPT catalog residing on a storage element of the system comprising a plurality of BPTs, wherein each BPT comprises a best practice (BP) that comprises:
  - an identification predicate returning identification results over a network-related object set having one or more objects and object values, and
  - an evaluation predicate returning a Boolean result of TRUE or FALSE or that can be evaluated to PASS or FAIL;
- an algorithm for identifying one or more targets for the assessment using the BP, and that, for each target, evaluates compliance of the target using evaluation criteria that are a part of the BP evaluation predicate as PASS or FAIL;
- an algorithm for determining a composite compliance result across all targets as being PASS if all targets evaluated to PASS; and
- at least one of a user interface for displaying the composite compliance result, and a data storage for storing the composite compliance result.