System and method for management of vulnerability assessment

US 8,590,047 B2
Filed: 01/04/2011
Issued: 11/19/2013
Est. Priority Date: 01/04/2011
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a network interface configured to;

receive application data;

provide access to at least a portion of the application data via a business-to-business network connection by a third party;

a processor coupled to the network interface, the processor configured to;

calculate a risk score based on one or more parameters received in the application data; and

determine that the application is in scope for vulnerability assessment based at least in part on the risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;

in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party, the network interface further configured to;

receive assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;

receive a remediation plan comprising one or more remediation tasks associated with the assessment from a remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;

in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;

receive, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;

receive an indication of whether the remediation task remedied the at least one vulnerability;

communicate the information regarding the assessment to a remediator; and

communicate an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for an optimization of fulfillment workflow includes receiving application data and determining that an application is in scope for vulnerability assessment based at least in part on the application data. Assessment information related to an assessment identifying at least one vulnerability is received from an assessor. The information regarding the assessment is communicated to a remediator. One or more remediation tasks designed to remedy the at least one vulnerability is received, and an indication of performance of a remediation task is received. An indication that a remediation task has been completed based at least in part on the indication of performance of the remediation task is communicated, and an indication of whether the remediation task remedied the at least one vulnerability is received.

29 Citations

View as Search Results

24 Claims

1. An apparatus, comprising:
- a network interface configured to;
  
  receive application data;
  
  provide access to at least a portion of the application data via a business-to-business network connection by a third party;
  
  a processor coupled to the network interface, the processor configured to;
  
  calculate a risk score based on one or more parameters received in the application data; and
  
  determine that the application is in scope for vulnerability assessment based at least in part on the risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
  
  in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party, the network interface further configured to;
  
  receive assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;
  
  receive a remediation plan comprising one or more remediation tasks associated with the assessment from a remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;
  
  in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;
  
  receive, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;
  
  receive an indication of whether the remediation task remedied the at least one vulnerability;
  
  communicate the information regarding the assessment to a remediator; and
  
  communicate an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An apparatus according to claim 1, the network interface further configured to:
    - communicate the information regarding the assessment to a reviewer;
      
      receive review information from the reviewer related to a review of the assessment; and
      
      communicate the review information regarding the review to the remediator.
  - 3. An apparatus according to claim 1, further comprising the processor configured to generate a display including a listing of the one or more remediation tasks and a status associated with each of the one or more remediation tasks.
  - 4. An apparatus according to claim 3, wherein generating the display including a listing of the one or more remediation tasks and a status associated with each of the one or more remediation tasks includes indicating, as part of the display, whether each of the one or more remediation tasks is complete.
  - 5. An apparatus according to claim 3, wherein generating the display including the listing of the one or more remediation tasks and the status associated with each of the one or more remediation tasks includes indicating, as part of the display, whether the remediation task remedied the at least one vulnerability.
  - 6. The apparatus according to claim 1, wherein the network interface is configured to:
    - receive the assessment information from a first user comprising the assessor; and
      
      receive the one or more remediation tasks from a second user comprising the remediator.
  - 7. The apparatus of claim 6, wherein the network interface is further configured to:
    - communicate the information regarding the assessment to a third user comprising a reviewer;
      
      receive review information from the third user comprising the reviewer, the review information related to a review of the assessment; and
      
      communicate the review information regarding the review to the second user comprising the remediator.
  - 8. An apparatus according to claim 1, wherein the at least one parameter comprises whether the application includes non-public information associated with a customer.

9. A tangible non-transitory computer readable medium comprising logic, the logic configured, when executed on a processor, to:
- receive application data;
  
  provide access to at least a portion of the application data via a business-to-business network connection by a third party;
  
  calculate a risk score based on one or more parameters received in the application data;
  
  determine that the application in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
  
  in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
  
  receive assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;
  
  communicate the information regarding the assessment to a remediator;
  
  receive a remediation plan comprising one or more remediation tasks associated with the assessment from the remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;
  
  in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;
  
  receive, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;
  
  communicate an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task; and
  
  receive an indication of whether the remediation task remedied the at least one vulnerability.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A tangible non-transitory computer-readable medium according to claim 9, further comprising the logic further configured to:
    - communicate the information regarding the assessment to a reviewer;
      
      receive review information from the reviewer related to a review of the assessment; and
      
      communicate the review information regarding the review to the remediator.
  - 11. A tangible non-transitory computer-readable medium according to claim 9, further comprising the logic further configured to generate a display including a listing of the one or more remediation tasks and a status associated with each of the one or more remediation tasks.
  - 12. A tangible non-transitory computer-readable medium according to claim 11, wherein generating the display including a listing of the one or more remediation tasks and a status associated with each of the one or more remediation tasks includes indicating, as part of the display, whether each of the one or more remediation tasks is complete.
  - 13. A tangible non-transitory computer-readable medium according to claim 11, wherein generating the display including the listing of the one or more remediation tasks and the status associated with each of the one or more remediation tasks includes indicating, as part of the display, whether the remediation task remedied the at least one vulnerability.
  - 14. The tangible non-transitory computer readable medium according to claim 9, further comprising the logic further configured to:
    - receive the assessment information from a first user comprising the assessor; and
      
      receive the one or more remediation tasks from a second user comprising the remediator.
  - 15. The tangible non-transitory computer readable medium according to claim 14, further comprising the logic further configured to:
    - communicate the information regarding the assessment to a third user comprising a reviewer;
      
      receive review information from the third user comprising the reviewer;
      
      the review information related to a review of the assessment; and
      
      communicate the review information regarding the review to the second user comprising the remediator.
  - 16. An tangible non-transitory computer-readable medium according to claim 9, wherein the at least one parameter comprises whether the application includes non-public information associated with a customer.

17. A method, comprising:
- receiving application data;
  
  providing access to at least a portion of the application data via a business-to-business network connection by a third party;
  
  calculating a risk score based on one or more parameters received in the application data;
  
  determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
  
  in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
  
  receiving assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;
  
  communicating the information regarding the assessment to a remediator;
  
  receiving a remediation plan comprising one or more remediation tasks associated with the assessment from the remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;
  
  in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;
  
  receiving, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;
  
  communicating an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task; and
  
  receiving an indication of whether the remediation task remedied the at least one vulnerability.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. A method according to claim 17, further comprising:
    - communicating the information regarding the assessment to a reviewer;
      
      receiving review information from the reviewer related to a review of the assessment; and
      
      communicating the review information regarding the review to the remediator.
  - 19. A method according to claim 17, further comprising generating a display including a listing of the one or more remediation tasks and a status associated with each of the one or more remediation tasks.
  - 20. A method according to claim 19, wherein generating the display including the listing of the one or more remediation tasks and the status associated with each of the one or more remediation tasks includes indicating, as part of the display, whether each of the one or more remediation tasks is complete.
  - 21. A method according to claim 19, wherein generating the display including the listing of the one or more remediation tasks and the status associated with each of the one or more remediation tasks includes indicating, as part of the display, whether the remediation task remedied the at least one vulnerability.
  - 22. The method according to claim 17, wherein:
    - receiving the assessment information from the assessor comprises receiving the assessment information from a first user; and
      
      receiving the one or more remediation tasks from the remediator comprises receiving the one or more remediation tasks from a second user.
  - 23. The method of claim 22, further comprising:
    - communicating the information regarding the assessment to a third user comprising a reviewer;
      
      receiving review information from the third user comprising the reviewer, the review information related to a review of the assessment; and
      
      communicating the review information regarding the review to the second user comprising the remediator.
  - 24. A method according to claim 17, wherein the at least one parameter comprises whether the application includes non-public information associated with a customer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Hoyt, Travis E., Lang, Robert A., Cimijotti, Mark T., Upchurch, Jack D. II, Legette, Tyron, Stranathan, William T.
Primary Examiner(s)
ARMOUCHE, HADI S

Application Number

US12/984,154
Publication Number

US 20120174230A1
Time in Patent Office

1,050 Days
Field of Search

None
US Class Current

726/25
CPC Class Codes

G06Q 10/06 Resources, workflows, human...

System and method for management of vulnerability assessment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

System and method for management of vulnerability assessment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others