System and method for management of vulnerability assessment
First Claim
1. An apparatus, comprising:
a network interface configured to:
receive application data;
provide access to at least a portion of the application data via a business-to-business network connection by a third party;
a processor coupled to the network interface, the processor configured to:
calculate a risk score based on one or more parameters received in the application data; and
determine that the application is in scope for vulnerability assessment based at least in part on the risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party, the network interface further configured to:
receive assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;
receive a remediation plan comprising one or more remediation tasks associated with the assessment from a remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;
in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;
receive, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;
receive an indication of whether the remediation task remedied the at least one vulnerability;
communicate the information regarding the assessment to a remediator; and
communicate an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task.
Abstract
A system and method for an optimization of fulfillment workflow includes receiving application data and determining that an application is in scope for vulnerability assessment based at least in part on the application data. Assessment information related to an assessment identifying at least one vulnerability is received from an assessor. The information regarding the assessment is communicated to a remediator. One or more remediation tasks designed to remedy the at least one vulnerability are received, and an indication of performance of a remediation task is received. An indication that a remediation task has been completed based at least in part on the indication of performance of the remediation task is communicated, and an indication of whether the remediation task remedied the at least one vulnerability is received.
24 Claims
9. A tangible non-transitory computer readable medium comprising logic, the logic configured, when executed on a processor, to:
receive application data;
provide access to at least a portion of the application data via a business-to-business network connection by a third party;
calculate a risk score based on one or more parameters received in the application data;
determine that the application in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
receive assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;
communicate the information regarding the assessment to a remediator;
receive a remediation plan comprising one or more remediation tasks associated with the assessment from the remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;
in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;
receive, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;
communicate an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task; and
receive an indication of whether the remediation task remedied the at least one vulnerability.
17. A method, comprising:
receiving application data;
providing access to at least a portion of the application data via a business-to-business network connection by a third party;
calculating a risk score based on one or more parameters received in the application data;
determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters received in the application data, the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
in response to determining that the application is in scope for vulnerability assessment based at least in part on risk score calculated based on the one or more parameters comprising at least the sensitivity of data associated with the application and whether the application is accessible via the business-to-business network connection by the third party;
receiving assessment information from an assessor related to an assessment of the application, the assessment identifying at least one vulnerability;
communicating the information regarding the assessment to a remediator;
receiving a remediation plan comprising one or more remediation tasks associated with the assessment from the remediator, the one or more remediation tasks designed to remedy the at least one vulnerability;
in response to receiving the remediation plan, generate an interactive display to facilitate remediation of the at least one vulnerability;
receiving, via the interactive display generated to facilitate the remediation of the at least one vulnerability, an indication of performance of a remediation task of the one or more remediation tasks;
communicating an indication that the remediation task has been completed based at least in part on the indication of performance of the remediation task; and
receiving an indication of whether the remediation task remedied the at least one vulnerability.
Specification