Performing an automated compliance audit by vulnerabilities
First Claim
1. An automated enterprise compliance auditing by vulnerabilities system comprising:
- an enterprise asset database comprising details of assets of said enterprise;
- at least one compliance regulation, each of said at least one compliance regulation comprising at least one compliance control;
- a known asset vulnerabilities database comprising details of publicly known asset vulnerabilities;
- compliance control associating functionality to associate each of a set of audited assets with at least a subset of compliance controls of said at least one compliance regulation, said set of audited assets being at least a subset of said assets of said enterprise;
- vulnerability mapping functionality to map each compliance control of said at least one compliance regulation to a subset of said publicly known asset vulnerabilities which may potentially impact compliance of at least one of said audited assets therewith;
- asset scanning functionality to scan each audited asset of said set of audited assets to ascertain to which of said publicly known asset vulnerabilities said audited asset is vulnerable to; and
- numeric compliance score calculating functionality to, responsive to said associating, said mapping and said scanning, calculate for each of said set of audited assets, a numeric compliance score for each compliance control associated therewith, said numeric compliance score being within a range of possible numeric compliance scores.
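The four claimed elements (associate, map, scan, score) form a pipeline; the following toy implementation is an added illustration, not code from the patent or any assignee's product. All asset, control and vulnerability identifiers are constructed placeholders (not real CVEs or standards), and the severity-weighted scoring formula is an assumption, since the claim only requires a score within a fixed range.

```python
"""Toy model of the claimed pipeline: associate -> map -> scan -> score."""

SCORE_RANGE = (0, 100)  # assumed range of possible numeric compliance scores

# Enterprise asset database (constructed): asset id -> installed components
ENTERPRISE_ASSETS = {
    "web-01": {"nginx", "openssl"},
    "db-01": {"postgres", "openssl"},
    "hr-laptop": {"browser"},
}

# One compliance regulation with its controls (constructed names, not a real standard)
CONTROLS = {"CTRL-TLS": "Encrypt data in transit", "CTRL-PATCH": "Patch known flaws"}

# Known asset vulnerabilities database (constructed ids; placeholders, not real CVEs)
KNOWN_VULNS = {
    "VULN-A": {"component": "openssl", "severity": 9.0},
    "VULN-B": {"component": "nginx", "severity": 5.0},
    "VULN-C": {"component": "postgres", "severity": 7.5},
}

# Vulnerability mapping: control -> subset of known vulns that could impact it
CONTROL_TO_VULNS = {"CTRL-TLS": {"VULN-A"}, "CTRL-PATCH": {"VULN-A", "VULN-B", "VULN-C"}}


def associate(audited, subset_controls):
    """Associate each audited asset with a subset of the regulation's controls."""
    return {asset: set(subset_controls) for asset in audited}


def scan(asset):
    """Ascertain which known vulns the asset is vulnerable to (toy: match by component)."""
    components = ENTERPRISE_ASSETS[asset]
    return {v for v, d in KNOWN_VULNS.items() if d["component"] in components}


def score(found, mapped):
    """Assumed formula: severity-weighted share of a control's mapped vulns that are
    absent from the asset, scaled into SCORE_RANGE. A control with no mapped vulns
    cannot be impacted, so it scores the top of the range."""
    lo, hi = SCORE_RANGE
    total = sum(KNOWN_VULNS[v]["severity"] for v in mapped)
    if total == 0:
        return hi
    present = sum(KNOWN_VULNS[v]["severity"] for v in mapped & found)
    return lo + round((hi - lo) * (1 - present / total))


def audit(audited, subset_controls):
    """Run the full pipeline and return {asset: {control: numeric score}}."""
    assoc = associate(audited, subset_controls)
    return {a: {c: score(scan(a), CONTROL_TO_VULNS.get(c, set())) for c in ctrls}
            for a, ctrls in assoc.items()}
```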
13 Assignments
0 Petitions
Abstract
An automated enterprise compliance auditing by vulnerabilities system including an enterprise asset database, a compliance regulation including compliance controls, a known asset vulnerabilities database including details of publicly known asset vulnerabilities, compliance control associating functionality to associate each of a set of audited assets with at least a subset of compliance controls of the compliance regulation, the audited assets being a subset of the enterprise assets, vulnerability mapping functionality to map each compliance control to a subset of the known asset vulnerabilities which may impact compliance of at least one of the audited assets therewith, asset scanning functionality to scan each audited asset to ascertain to which publicly known asset vulnerabilities the audited asset is vulnerable to, and numeric compliance score calculating functionality to, responsive to the associating, mapping and scanning, calculate for each audited asset, a numeric compliance score for each compliance control associated therewith.
15 Claims
1. An automated enterprise compliance auditing by vulnerabilities system (independent claim; text as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
7. A computer product for automatic asset compliance auditing in an enterprise, including a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to associate each of a set of audited assets with at least a subset of compliance controls of at least one compliance regulation, said set of audited assets being at least a subset of said assets of said enterprise, to map each compliance control of said at least one compliance regulation to a subset of a collection of publicly known asset vulnerabilities which may potentially impact compliance of at least one of said audited assets therewith, to scan each audited asset of said set of audited assets to ascertain to which of said collection of publicly known asset vulnerabilities said audited asset is vulnerable to, and responsive to said associating, said mapping and said scanning, to calculate, for each of said set of audited assets, a numeric compliance score for each compliance control associated therewith, said numeric compliance score being within a range of possible numeric compliance scores.
12. A method for asset compliance auditing in an enterprise, said method comprising:
- associating each of a set of audited assets with at least a subset of compliance controls of at least one compliance regulation, said set of audited assets being at least a subset of said assets of said enterprise;
- mapping each compliance control of said at least one compliance regulation to a subset of a collection of publicly known asset vulnerabilities which may potentially impact compliance of at least one of said assets therewith;
- scanning each audited asset of said set of audited assets to ascertain to which of said collection of publicly known asset vulnerabilities said audited asset is vulnerable to; and
- responsive to said associating, said mapping and said scanning, calculating via at least one processor, for each of said set of audited assets, a numeric compliance score corresponding to each compliance control associated therewith, a numeric compliance score for each compliance control associated therewith, said numeric compliance score being within a range of possible numeric compliance scores.
Dependent claims: 13, 14, 15.