System and method for risk detection reporting and infrastructure
Abstract
A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.
23 Claims
1. A method, implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:
- accessing the memory to identify safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of; external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms;
- identifying linkages between said identified safety based risk elements and corresponding supply chain infrastructural elements;
- categorizing the identified safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein an associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;
- defining a set of risk policies according to said risk categories, wherein the set of risk policies define a risk threshold based on the infrastructure elements and the safety based risk elements of the supply chain at issue, wherein the risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
- receiving information indicating that one or more infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and
- if the risk threshold is exceeded, modifying one or more of the risk policies.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A computer program product stored in a computer-readable storage medium which, when executed by a processing arrangement, is configured to monitor and control risks associated with a supply chain, comprising:
- a computer program including;
  - computer readable program code used to identify safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of; external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms;
  - computer readable program code used to identify linkages between said identified safety based risk elements and corresponding supply chain infrastructural elements;
  - computer readable program code used to categorize the identified safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein an associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;
  - computer readable program code used to define a set of risk policies according to said risk categories, wherein the set of risk policies define a risk threshold based on the infrastructure elements and the safety based risk elements of the supply chain, wherein the risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
  - computer readable program code used to receive information indicating that one or more infrastructural elements is to be utilized in the supply chain and evaluating said information against the set of risk policies to determine if the risk threshold is exceeded;
  - computer readable program code used, if the risk threshold is exceeded, to modify one or more of the risk policies.

Dependent claims: 13, 14, 15, 16, 17, 18
19. A method, implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:
- accessing the memory to identify threats within an environment that have a security outcome, whereby the security outcome is the contravention of legal regulations, physical damage to people or property, economic loss or criminal activity;
- determining one or more security policies in response to the security threats, wherein the one or more security policies is determined based on one or more risk thresholds, wherein the one or more risk thresholds are determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
- defining one or more risk categories that are responsive to the one or more security policies, wherein the one or more risk categories each have an associated base risk value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein the associated base risk value of each of the one or more risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;
- identifying data indicative of one or more risk categories, including a first set of transactional data comprising indicators that bear on the existence of the security threat, and a second set of contextual data that relates to the transaction and the security threat;
- reviewing the first set of transactional data;
- reviewing the second set of contextual data;
- using the processor to determine whether the risk threshold has been exceeded;
- determining whether the second set of data has changed over a predetermined period of time; and
- if the second set of data has changed, determining whether the one or more security policies should be modified based on the change in the second set of data.

Dependent claims: 20, 21, 22, 23
Specification