Control transparency framework
First Claim
1. A method for a control transparency framework, comprising:
- identifying threats to an organization;
- developing a risk score for each of the threats to develop a threat portfolio, wherein the risk score is indicative of an impact each threat may have on the organization and a probability of the threat occurring;
- developing a maturity portfolio comprising a maturity level for controls, the maturity levels being determined utilizing a maturity model, the maturity model comprising a Control Objective for Information and Related Technology (COBIT) maturity model, a Capability Maturity Model (CMM), or a combination of the above;
- configuring at least one processor to perform the function of mapping information from the threat portfolio to the maturity portfolio to develop a control portfolio;
- determining a gap portfolio comprising identifying any gaps between a target state maturity level of each control and a current maturity level of each control assigned to handle each of the at least one identified threat, such that the gap occurs if the target state maturity level is at a level that is higher than the current maturity level; and
- developing a control transparency portfolio to close each of the gaps to match or exceed the target state maturity level.
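As an added worked example (not from the patent or its assignee), the claimed sequence in Python over constructed data: threats scored as impact times probability (the claim leaves the scoring formula open, so this is an assumption), controls rated on an assumed 0 to 5 COBIT/CMM-style maturity scale, a threat-to-control assignment standing in for the control portfolio, a gap portfolio that records a gap only where target exceeds current, and a transparency portfolio that lists the uplift needed per control ordered by the risk it addresses.

```python
"""Control transparency framework steps over constructed sample data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    impact: int        # assumed scale: 1 (negligible) .. 5 (severe)
    probability: float  # assumed: likelihood in [0.0, 1.0]


@dataclass(frozen=True)
class Control:
    name: str
    current: int  # current maturity level, assumed 0..5 (COBIT/CMM style)
    target: int   # target state maturity level on the same scale


# Constructed sample portfolio inputs; not taken from the patent.
THREATS = [Threat("phishing", 4, 0.8), Threat("ransomware", 5, 0.3),
           Threat("insider misuse", 3, 0.2)]
CONTROLS = {c.name: c for c in [
    Control("security awareness training", 2, 4),
    Control("backup and recovery", 3, 3),
    Control("privileged access management", 1, 3)]}
# Control portfolio: controls assigned to handle each identified threat.
ASSIGNMENTS = {"phishing": ["security awareness training"],
               "ransomware": ["backup and recovery", "privileged access management"],
               "insider misuse": ["privileged access management"]}


def threat_portfolio(threats):
    """Risk score per threat (impact x probability), highest risk first."""
    scored = [(t.name, round(t.impact * t.probability, 2)) for t in threats]
    return sorted(scored, key=lambda pair: -pair[1])


def gap_portfolio(controls, assignments):
    """A gap exists only when the target level is higher than the current one."""
    gaps = {}
    for threat, names in assignments.items():
        for name in names:
            c = controls[name]
            if c.target > c.current:
                entry = gaps.setdefault(name, {"levels_short": c.target - c.current, "threats": []})
                entry["threats"].append(threat)
    return gaps


def transparency_portfolio(threats, controls, assignments):
    """Actionable uplift per gapped control, ordered by the risk it addresses."""
    risk = dict(threat_portfolio(threats))
    rows = []
    for name, gap in gap_portfolio(controls, assignments).items():
        addressed = round(sum(risk[t] for t in gap["threats"]), 2)
        rows.append({"control": name, "raise_from": controls[name].current,
                     "raise_to": controls[name].target, "risk_addressed": addressed})
    return sorted(rows, key=lambda r: -r["risk_addressed"])
```

A control whose current level already matches its target (backup and recovery above) produces no gap and so no action, which is the distinction the claim draws.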
1 Assignment
0 Petitions
Abstract
Embodiments of the present invention are directed to methods, systems and computer program products for a control transparency framework which is, in one embodiment, a transparent (i.e. easy to understand) and actionable risk/reward approach for organizational processes, controls, training and development. The control transparency framework method includes identifying threats to an organization, developing a risk score for each of the threats to develop a threat portfolio, developing a maturity portfolio, developing a control portfolio, determining a gap portfolio, and developing a control transparency portfolio to close gaps. A gap exists between a target state maturity level of each identified threat and a current maturity level of each control assigned to handle each identified threat, such that the gap occurs if the target state maturity level is at a level that is lower than the control maturity level.
27 Claims
1. Claim 1 is as set out under First Claim above (dependent claims 2, 3, 4, 5, 6, 7, 8, 9).
10. A computer program product for implementing a control transparency framework, the computer program product embodied in a non-transitory computer-readable storage medium having a computer program residing thereon, the computer program comprising:
- instructions for identifying threats to an organization;
- instructions for developing a risk score for each of the threats to develop a threat portfolio, wherein the risk score is indicative of an impact each threat may have on the organization and a probability of the threat occurring;
- instructions for developing a maturity portfolio comprising a maturity level for controls, the maturity levels being determined utilizing a maturity model, the maturity model comprising a Control Objective for Information and Related Technology (COBIT) maturity model, a Capability Maturity Model (CMM), or a combination of the above;
- instructions for mapping information from the threat portfolio to the maturity portfolio to develop a control portfolio;
- instructions for determining a gap portfolio comprising identifying any gaps between a target state maturity level of each control and a current maturity level of each control assigned to handle each of the at least one identified threat, such that the gap occurs if the target state maturity level is at a level that is higher than the current maturity level; and
- instructions for developing a control transparency portfolio to close each of the gaps to match or exceed the target state maturity level.
Dependent claims: 11, 12, 13, 14, 15.
16. Apparatus for control transparency framework, the apparatus comprising:
- means for identifying threats to an organization;
- means for developing a risk score for each of the threats to develop a threat portfolio, wherein the risk score is indicative of an impact each threat may have on the organization and a probability of the threat occurring;
- means for developing a maturity portfolio comprising a maturity level for controls, the maturity levels being determined utilizing a maturity model, the maturity model comprising a Control Objective for Information and Related Technology (COBIT) maturity model, a Capability Maturity Model (CMM), or a combination of the above;
- means for mapping information from the threat portfolio to the maturity portfolio to develop a control portfolio;
- means for determining a gap portfolio comprising identifying any gaps between a target state maturity level of each control and a current maturity level of each control assigned to handle each of the at least one identified threat, such that the gap occurs if the target state maturity level is at a level that is higher than the current maturity level; and
- means for developing a control transparency portfolio to close each of the gaps to match or exceed the target state maturity level.
Dependent claims: 17, 18, 19, 20, 21.
22. A system for control transparency framework, the apparatus comprising:
- a computer processor;
- a data structure operable on the computer processor to identify threats to an organization;
- a data structure operable on the computer processor to develop a risk score for each of the threats to develop a threat portfolio, wherein the risk score is indicative of an impact each threat may have on the organization and a probability of the threat occurring;
- a data structure operable on the computer processor to develop a maturity portfolio comprising a maturity level for controls, the maturity levels being determined utilizing a maturity model, the maturity model comprising a Control Objective for Information and Related Technology (COBIT) maturity model, a Capability Maturity Model (CMM), or a combination of the above;
- a data structure operable on the computer processor to map information from the threat portfolio to the maturity portfolio to develop a control portfolio;
- a data structure operable on the computer processor to determine a gap portfolio comprising identifying any gaps between a target state maturity level of each control and a current maturity level of each control assigned to handle each of the at least one identified threat, such that the gap occurs if the target state maturity level is at a level that is higher than the current maturity level; and
- a data structure operable on the computer processor to develop a control transparency portfolio to close each of the gaps to match or exceed the target state maturity level.
Dependent claims: 23, 24, 25, 26, 27.