Apparatus and methods for assessing and maintaining security of a computerized system under development
Abstract
A security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the method including providing an organizational computerized system development policy; classifying said assets in said system under development, thereby to generate asset classification information; and automated creation of at least one security requirement based on said asset classification information and said organization policy.
39 Claims
1. A security assessment method for assessing security of a computerized system under development and having at least one security requirement, the method comprising:
- computing a control target level for at least one control existing in a computerized system under development; and
- using said control target level to set a risk level for the at least one security requirement
wherein said computing the target level includes:
  - combining a CIA vector characterizing an individual control for an individual asset with the asset's CIA classification vector, thereby to generate a numerical value; and
  - using said numerical value in searching through the controls' different answers to select which answer will satisfy said individual control for said individual asset.

18. A security assessment device for assessing security of a computerized system under development and having at least one security requirement, the device comprising:
- a control target level computer operative for computing a control target level for at least one control existing in a computerized system under development; and
- a security requirement risk level generator using said control target level to set a risk level for the at least one security requirement;
wherein said computing the target level by said control target level computer includes:
  - combining a CIA vector characterizing an individual control for an individual asset with the asset's CIA classification vector, thereby to generate a numerical value; and
  - using said numerical value in searching through the controls' different answers to select which answer will satisfy said individual control for said individual asset.

21. A security assessment method for assessing security of a computerized system under development and having at least one security requirement, the method comprising:
- computing a control target level for at least one control existing in a computerized system under development; and
- using said control target level to set a risk level for the at least one security requirement,
wherein said using includes selecting a control target, setting the security requirement risk level as the CIA vector of the answer whose control's MaxAssetClassification value is greater than or equal to the difference between the already-computed requirement risk level and the CIA vector value of the first (less good) answer for said control.

37. A security assessment device for assessing security of a computerized system under development and having at least one security requirement, the device comprising:
- a control target level computer operative for computing a control target level for at least one control existing in a computerized system under development; and
- a security requirement risk level generator using said control target level to set a risk level for the at least one security requirement;
wherein said using by said security requirement risk level generator includes selecting a control target, setting the security requirement risk level as the CIA vector of the answer whose control's MaxAssetClassification value is greater than or equal to the difference between the already-computed requirement risk level and the CIA vector value of the first (less good) answer for said control.

Specification