Apparatus and Methods for Assessing and Maintaining Security of a Computerized System under Development
First Claim
1. A security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the method including:
- providing an organizational computerized system development policy;
- classifying the assets in the system under development, thereby generating asset classification information; and
- automatically creating at least one security requirement based on said asset classification information and said organization policy.
Abstract
A security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the method including providing an organizational computerized system development policy; classifying said assets in said system under development, thereby to generate asset classification information; and automated creation of at least one security requirement based on said asset classification information and said organization policy.
22 Claims
1. A security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the method including:
- providing an organizational computerized system development policy;
- classifying the assets in the system under development, thereby generating asset classification information; and
- automatically creating at least one security requirement based on said asset classification information and said organization policy.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
2. A security assessment method for assessing security of a computerized system under development and having at least one security requirement, the method comprising:
- computing a control target level for at least one control existing in a computerized system under development; and
- using said control target level to set a risk level for the at least one security requirement.
Dependent claims: 15, 22
3. A security assessment method for assessing security of a computerized system under development, the method comprising:
- providing at least one initial security requirement definition which applies while said system under development is in a first phase of development; and
- translating said at least one initial security requirement that pertains to said first phase to a more detailed security requirement that pertains to a subsequent phase of development.
Dependent claims: 4, 5, 6, 7
16. A manufacture comprising a computer usable medium having a computer readable program code embodied therein, said computer readable program code having instructions for implementing a security assessment method for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the code including instructions for:
- providing an organizational computerized system development policy;
- classifying said assets in said system under development, thereby to generate asset classification information; and
- automatically creating at least one security requirement based on said asset classification information and said organization policy.
17. A manufacture comprising a computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a security assessment method for assessing security of a computerized system under development and having at least one security requirement, the code including instructions for:
- computing a control target level for at least one control existing in a computerized system under development; and
- using said control target level to set a risk level for the at least one security requirement.
18. A manufacture comprising a computer usable medium having a computer readable program code embodied therein, said computer readable program code adapted to be executed to implement a security assessment method for assessing security of a computerized system under development, said code including instructions for:
- providing at least one initial security requirement definition which applies while said system under development is in a first phase of development; and
- translating said at least one initial security requirement that pertains to said first phase to a more detailed security requirement that pertains to a subsequent phase of development.
19. A security assessment device for assessing security of a computerized system under development, the system including assets and being managed in accordance with an organization policy, the device including:
- asset classification apparatus classifying said assets in said system under development, thereby to generate asset classification information; and
- a requirement generator for automated creation of at least one security requirement based on said asset classification information and an organizational computerized system development policy.
20. A security assessment device for assessing security of a computerized system under development and having at least one security requirement, the device comprising:
- a control target level computer operative for computing a control target level for at least one control existing in a computerized system under development; and
- a security requirement risk level generator using said control target level to set a risk level for the at least one security requirement.
21. A security assessment device for assessing security of a computerized system under development, the device comprising:
- a requirement database including at least one initial security requirement definition which applies while said system under development is in a first phase of development; and
- a requirement translator operative for translating said at least one initial security requirement that pertains to said first phase to a more detailed security requirement that pertains to a subsequent phase of development.
Specification