System and method for risk detection reporting and infrastructure

US 9,177,279 B2
Filed: 08/19/2014
Issued: 11/03/2015
Est. Priority Date: 06/09/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A system, comprising:

a processor;

a memory coupled to the processor, wherein the memory containsdata regarding one or more supply chain elements stored in an electronic format in the memory, wherein a plurality of data relating to the one or more supply chain elements comprises a data instance, anda software program to be run by the processor that includes instructions that provide for the following;

categorizing the one or more supply chain elements each according to one or more risk categories, wherein each of the one or more risk categories comprises an associated range of values and the supply chain elements comprise a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type,accessing the memory to identify a first data instance,weighing the first data instance against at least one of the one or more risk categories to arrive at a value for such data instance under the at least one of the one or more risk categories against which the first data instance is weighed, wherein the value for the data instance under the at least one of the one or more risk categories against which the data instance is weighed varies depending on a selected risk policy of a plurality of risk policies, wherein each of the plurality of risk policies is defined by a plurality of risk categories, wherein each of the plurality of risk categories is defined by a range of values, wherein each of the plurality of risk policies comprises one or more predetermined values or ranges of values for one or more of the risk categories,determining each of the predetermined values or ranges of values based on the value of a threat times the probability of the occurrence of a threat outcome, wherein the occurrence of the threat is analyzed using the processor based on a source, transparency, character, logic and trust of the data relating to the one or more supply chain elements;

determining whether the first data instance is acceptable under a first risk policy, wherein acceptance is dependent on a combination of each value for such data instance under each of the one or more risk categories against which the first data instance is weighed as compared to the predetermined values or ranges of values of the selected risk policy.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.

Citations

19 Claims

1. A system, comprising:
- a processor;
  
  a memory coupled to the processor, wherein the memory containsdata regarding one or more supply chain elements stored in an electronic format in the memory, wherein a plurality of data relating to the one or more supply chain elements comprises a data instance, anda software program to be run by the processor that includes instructions that provide for the following;
  
  categorizing the one or more supply chain elements each according to one or more risk categories, wherein each of the one or more risk categories comprises an associated range of values and the supply chain elements comprise a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type,accessing the memory to identify a first data instance,weighing the first data instance against at least one of the one or more risk categories to arrive at a value for such data instance under the at least one of the one or more risk categories against which the first data instance is weighed, wherein the value for the data instance under the at least one of the one or more risk categories against which the data instance is weighed varies depending on a selected risk policy of a plurality of risk policies, wherein each of the plurality of risk policies is defined by a plurality of risk categories, wherein each of the plurality of risk categories is defined by a range of values, wherein each of the plurality of risk policies comprises one or more predetermined values or ranges of values for one or more of the risk categories,determining each of the predetermined values or ranges of values based on the value of a threat times the probability of the occurrence of a threat outcome, wherein the occurrence of the threat is analyzed using the processor based on a source, transparency, character, logic and trust of the data relating to the one or more supply chain elements;
  
  determining whether the first data instance is acceptable under a first risk policy, wherein acceptance is dependent on a combination of each value for such data instance under each of the one or more risk categories against which the first data instance is weighed as compared to the predetermined values or ranges of values of the selected risk policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system of claim 1, wherein the data instance comprises at least one infrastructure asset, transport asset, storage asset, and shipment article, and further comprising identifying correspondence between one or more supply chain elements and one or more infrastructure asset elements, transport asset elements, storage asset elements, and shipment article elements.
  - 3. The system of claim 1, wherein the one or more risk categories comprises at least one of confidentiality, integrity, availability, controls on physical security, controls on personnel security, controls on data systems, historical controls, insurance, prior legal actions, prior regulatory actions, contractual controls, vendor controls, record keeping controls, auditing controls, and procedures and practices, and combinations thereof.
  - 4. The system of claim 1, wherein the fist data instance is analyzed based on a triggering event.
  - 5. The system of claim 1, wherein the triggering event comprises at least one of introduction of a new asset, a change to an infrastructure asset, a change to a transport asset, a change to a storage asset, and a change to a shipment article.
  - 6. The system of claim 1, wherein the risk category used to evaluate the data instance will depend on the type of data instance being evaluated.
  - 7. The system of claim 1, wherein the weighting of the values is adjusted based on the type of data instance being evaluated.
  - 8. The system of claim 1, wherein the value for the first data instance under each of the one or more risk categories against which the data instance is weighed is based on an aggregate determination of risk.
  - 9. The system of claim 8, wherein the aggregate determination of risk is based on at least one of a one to one analysis, a many to one analysis, a one to many analysis, and a many to many analysis.
  - 10. The system of claim 1, wherein if the first data instance is not acceptable, at least one of modifying one or more of the risk policies, issuing a warning regarding one or more of the supply chain elements, and taking one or more actions to mitigate risk.
  - 11. The system of claim 2, wherein the predetermined values or ranges of values comprise a risk threshhold, further comprising receiving information indicating that one or more infrastructure asset elements is to be utilized in a supply chain and using the processor to evaluate said information against the set of risk policies to determine if the risk threshold is exceeded;
    - andif the risk threshold is exceeded, modifying one or more of the risk policies.
  - 12. The system of claim 1, wherein the predetermined values or ranges of values is dynamic based on one or more of an overall threat environment, intelligence, and the risk elements.
  - 13. The system of claim 1, wherein the predetermined values or ranges of values comprise a risk threshhold.
  - 14. The system of claim 13, taking responsive actions until a risk is deemed mitigated.
  - 15. The system of claim 13, wherein if the risk threshold is exceeded, taking one or more responsive actions, until at least one risk category value is reduced sufficiently such that the risk threshold is no longer exceeded.
  - 16. The system of claim 13, further comprising allowing access to an infrastructure asset element if the risk threshold is not exceeded.
  - 17. The system of claim 1, wherein the data instance relates to a supply chain.
  - 18. The system of claim 17, wherein the supply chain comprises the shipment of freight.

19. A method implemented using a microprocessor running a software program stored in a memory, comprising:
- accessing data regarding one or more supply chain elements stored in an electronic format in the memory, wherein a plurality of data relating to the one or more supply chain elements comprises a data instance;
  
  categorizing one or more supply chain elements each according to one or more risk categories via the microprocessor, wherein each of the one or more risk categories comprises an associated range of values and the supply chain elements comprise a derived value whose magnitude indicates at least one of a relative degree of risk and risk of a particular type;
  
  accessing the memory to identify a first data instance;
  
  weighing the first data instance against at least one of the one or more risk categories to arrive at a value for such data instance under the at least one of the one or more risk categories against which the first data instance is weighed, wherein the value for the data instance under the at least one of the one or more risk categories against which the data instance is weighed varies depending on a selected risk policy of a plurality of risk policies, wherein each of the plurality of risk policies is defined by a plurality of risk categories, wherein each of the plurality of risk categories is defined by a range of values, wherein each of the plurality of risk policies comprises one or more predetermined values or ranges of values for one or more of the risk categories;
  
  determining each of the predetermined values or ranges of values based on the value of a threat times the probability of the occurrence of a threat outcome, wherein the occurrence of the threat is analyzed using the processor based on a source, transparency, character, logic and trust of the data relating to the one or more supply chain elements;
  
  determining whether the first data instance is acceptable under a first risk policy, wherein acceptance is dependent on a combination of each value for such data instance under each of the one or more risk categories against which the first data instance is weighed as compared to the predetermined values or ranges of values of the selected risk policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smartsafety Software Inc.
Original Assignee
A-T Solutions (Jacobs Solutions, Inc.)
Inventors
Miller, Charles J., Frankel, Yair, Rosenkrantz, Noah J.
Primary Examiner(s)
Sterrett, Jonathan G

Application Number

US14/463,594
Publication Number

US 20140358627A1
Time in Patent Office

441 Days
Field of Search

705/7.28, 726/23
US Class Current

1/1
CPC Class Codes

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/08   Logistics, e.g. warehousing...

G06Q 40/08   Insurance

H04L 63/1433   Vulnerability analysis

System and method for risk detection reporting and infrastructure

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for risk detection reporting and infrastructure

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links