System and method for risk detection reporting and infrastructure

US 8,484,066 B2
Filed: 06/08/2004
Issued: 07/09/2013
Est. Priority Date: 06/09/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method, implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:

accessing the memory to identify safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of;

external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms;

identifying linkages between said identified safety based risk elements and corresponding supply chain infrastructural elements;

categorizing the identified safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein an associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;

defining a set of risk policies according to said risk categories, wherein the set of risk policies define a risk threshold based on the infrastructure elements and the safety based risk elements of the supply chain at issue, wherein the risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;

receiving information indicating that one or more infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and

if the risk threshold is exceeded, modifying one or more of the risk policies.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.

126 Citations

View as Search Results

23 Claims

1. A method, implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:
- accessing the memory to identify safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of;
  
  external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms;
  
  identifying linkages between said identified safety based risk elements and corresponding supply chain infrastructural elements;
  
  categorizing the identified safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein an associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;
  
  defining a set of risk policies according to said risk categories, wherein the set of risk policies define a risk threshold based on the infrastructure elements and the safety based risk elements of the supply chain at issue, wherein the risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
  
  receiving information indicating that one or more infrastructural elements is to be utilized in the supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded; and
  
  if the risk threshold is exceeded, modifying one or more of the risk policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method according to claim 1, wherein the risk threshold is dynamic based on one or more of the overall threat environment, intelligence, and the safety based risk elements.
  - 3. The method according to claim 1, wherein if the risk threshold is exceeded, taking responsive actions until the risk is deemed mitigated.
  - 4. The method according to claim 1, further comprising taking one or more responsive actions based on the identified responsive actions, until at least one risk category value is reduced sufficiently such that the risk threshold is no longer exceeded.
  - 5. The method according to claim 1, further comprising allowing access to an infrastructural element if the risk threshold is not exceeded.
  - 6. The method according to claim 1, wherein the supply chain comprises the shipment of freight.
  - 7. The method according to claim 1, wherein the associated risk value of each of the risk categories further corresponds to cultural concerns.
  - 8. The method according to claim 1, wherein the infrastructural element is a computer system.
  - 9. The method according to claim 1, wherein the supply chain infrastructure comprises a computer system.
  - 10. The method of claim 1, wherein the one or more risk policies comprise one or more of notice, increased monitoring, denial of access, arrest, increased screening, and intelligence inquiries.
  - 11. The method of claim 1, wherein the safety based risk elements include at least one of physical intrusion detection, physical safety of personnel, physical safety of infrastructure, physical subversion of assets and physical subversion of delivery mechanisms.

12. A computer program product stored in a computer-readable storage medium which, when executed by a processing arrangement, is configured to monitor and control risks associated with a supply chain, comprising:
- a computer program including;
  
  computer readable program code used to identify safety based risk elements within a supply chain infrastructure where the safety based risk elements include one or more of;
  
  external malicious threats, intrusion detection, safety of personnel, safety of infrastructure, safety of data systems, physical subversion of assets and physical subversion of delivery mechanisms;
  
  computer readable program code used to identify linkages between said identified safety based risk elements and corresponding supply chain infrastructural elements;
  
  computer readable program code used to categorize the identified safety based risk elements according to risk categories, wherein the risk categories each have an associated base value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein an associated risk value of each of the risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;
  
  computer readable program code used to define a set of risk policies according to said risk categories, wherein the set of risk policies define a risk threshold based on the infrastructure elements and the safety based risk elements of the supply chain, wherein the risk threshold is determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
  
  computer readable program code used to receive information indicating that one or more infrastructural elements is to be utilized in the supply chain and evaluating said information against the set of risk policies to determine if the risk threshold is exceeded;
  
  computer readable program code used, if the risk threshold is exceeded, to modify one or more of the risk policies.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The software according to claim 12, wherein the risk threshold is dynamic based on one or more of the overall threat environment, intelligence, and the safety based risk elements.
  - 14. The software according to claim 12, wherein the supply chain comprises the shipment of freight.
  - 15. The software according to claim 12, wherein the associated risk value of each of the risk categories further corresponds to cultural concerns.
  - 16. The software according to claim 12, wherein the infrastructural element is a computer system.
  - 17. The software according to claim 12, wherein the supply chain infrastructure comprises a computer system.
  - 18. The software of claim 12, wherein the one or more risk policies comprise one or more of notice, increased monitoring, denial of access, arrest, increased screening, and intelligence inquiries.

19. A method, implemented using a processor and a memory, for monitoring and controlling risks associated with a supply chain, comprising:
- accessing the memory to identify threats within an environment that have a security outcome, whereby the security outcome is the contravention of legal regulations, physical damage to people or property, economic loss or criminal activity;
  
  determining one or more security policies in response to the security threats, wherein the one or more security policies is determined based on one or more risk thresholds, wherein the one or more risk thresholds are determined based on the value of a threat times the probability of the occurrence of a threat outcome, and wherein the occurrence of the threat is analyzed using the processor based on a transparency, character, logic and trust of the data;
  
  defining one or more risk categories that are responsive to the one or more security policies, wherein the one or more risk categories each have an associated base risk value and the safety based risk elements have a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type, wherein the associated base risk value of each of the one or more risk categories corresponds to the likelihood of occurrence, magnitude, ability to mitigate, and resource availability;
  
  identifying data indicative of one or more risk categories, including a first set of transactional data comprising indicators that bear on the existence of the security threat, and a second set of contextual data that relates to the transaction and the security threat;
  
  reviewing the first set of transactional data;
  
  reviewing the second set of contextual data;
  
  using the processor to determine whether the risk threshold has been exceeded;
  
  determining whether the second set of data has changed over a predetermined period of time; and
  
  if the second set of data has changed, determining whether the one or more security policies should be modified based on the change in the second set of data.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein the associated base risk value of each of the one or more risk categories corresponds to cultural concerns.
  - 21. The method of claim 19, wherein the risk threshold is determined based on at least one of the resources available to mitigate the threat, social policy, and government policy.
  - 22. The method of claim 21, wherein the government policy is at least one of local, regional, and country wide.
  - 23. The method according to claim 19, wherein a third set of data relating to dynamic threats is used to determine resource allocation within the one or more security policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smartsafety Software Inc.
Original Assignee
GreenLine Systems, Inc. (A-T Solutions, Inc.)
Inventors
Miller, Charles J., Frankel, Yair, Rosenkrantz, Noah J.
Primary Examiner(s)
Sterrett, Jonathan G

Application Number

US10/863,582
Publication Number

US 20050021360A1
Time in Patent Office

3,318 Days
Field of Search

705/7, 705/7.28, 726/23
US Class Current

705/7.28
CPC Class Codes

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/08   Logistics, e.g. warehousing...

G06Q 40/08   Insurance

H04L 63/1433   Vulnerability analysis

System and method for risk detection reporting and infrastructure

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

126 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for risk detection reporting and infrastructure

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

126 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links