Security maturity assessment method
First Claim
1. A method for assessing an information security policy and practice of an organization, comprising:
collecting information about the information security policy and practice of the organization;
generating a rating for each of a plurality of information security items using a security maturity assessment matrix and the collected information, wherein the security maturity assessment matrix comprises a first dimension and a second dimension, wherein the first dimension corresponds to the plurality of information security items; wherein the second dimension corresponds to a plurality of maturity levels; wherein at least one of the plurality of maturity levels corresponds to a maturity level associated with a Capability Maturity Model, and wherein each rating is derived using the first dimension and the second dimension; and
determining how to modify the information security policy and practice of the organization using the rating for the at least one of the plurality of security items.
3 Assignments
0 Petitions
Abstract
A method for assessing an information security policy and practice of an organization, including determining a risk associated with the information security policy and practice, collecting information about the information security policy and practice, generating a rating using a security maturity assessment matrix, the collected information, and the risk associated with the information security policy and practice, generating a list of corrective actions using the rating, executing the list of corrective actions to create a new security information policy and practice, and monitoring the new security information policy and practice.
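One way to embody the matrix and rating steps the abstract describes, as an added example rather than code from the patent: the security items, per-level criteria, risk weights and the collected evidence are constructed sample data, and "target level 3" is an assumed organizational goal.

```python
# Second dimension of the matrix: CMM-style maturity levels.
LEVELS = {1: "initial", 2: "repeatable", 3: "defined", 4: "managed", 5: "optimizing"}

# First dimension: information security items. Each carries the evidence
# required to reach levels 2..5 (cumulative, as in CMM) and a risk weight
# from the risk-determination step. All values here are constructed.
MATRIX = {
    "patch management": {"risk": 5, "criteria": {
        2: "process documented", 3: "process standardized",
        4: "patch latency measured", 5: "targets tuned from metrics"}},
    "access control": {"risk": 4, "criteria": {
        2: "accounts inventoried", 3: "role model defined",
        4: "access reviews measured", 5: "reviews drive policy changes"}},
    "security awareness": {"risk": 2, "criteria": {
        2: "training exists", 3: "training mandatory",
        4: "completion tracked", 5: "content updated from incidents"}},
}

def rate_item(item: str, evidence: set[str]) -> int:
    """Rating for one item: the highest level whose criteria, and every
    lower level's criteria, appear in the collected evidence."""
    level = 1
    for lvl in sorted(MATRIX[item]["criteria"]):
        if MATRIX[item]["criteria"][lvl] not in evidence:
            break
        level = lvl
    return level

def assess(collected: dict[str, set[str]]) -> dict[str, int]:
    """Generate a rating for every item in the matrix from collected info."""
    return {item: rate_item(item, collected.get(item, set())) for item in MATRIX}

def corrective_actions(ratings: dict[str, int], target: int = 3) -> list:
    """Corrective-action list: the next unmet criterion for each item below
    target, ordered by risk-weighted gap so high-risk items come first."""
    actions = []
    for item, level in ratings.items():
        if level < target:
            nxt = MATRIX[item]["criteria"][level + 1]
            actions.append((MATRIX[item]["risk"] * (target - level), item, nxt))
    return sorted(actions, reverse=True)

# Constructed output of the information-collection step.
COLLECTED = {
    "patch management": {"process documented"},
    "access control": {"accounts inventoried", "role model defined",
                       "access reviews measured"},
    "security awareness": set(),
}

if __name__ == "__main__":
    ratings = assess(COLLECTED)
    for prio, item, action in corrective_actions(ratings):
        print(prio, item, f"at level {ratings[item]} ({LEVELS[ratings[item]]}):", action)
```

Re-running `assess` on evidence updated after the actions are executed gives the monitoring step the abstract mentions.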
518 Citations
35 Claims
18. An apparatus for assessing an information security policy and practice of an organization, comprising:
means for collecting information about the information security policy and practice of the organization; means for generating a rating for each of a plurality of information security items using a security maturity assessment matrix and the collected information, wherein the security maturity assessment matrix comprises a first dimension and a second dimension, wherein the first dimension corresponds to the plurality of information security items; wherein the second dimension corresponds to a plurality of maturity levels; wherein at least one of the plurality of maturity levels corresponds to a maturity level associated with a Capability Maturity Model, and wherein each rating is derived using the first dimension and the second dimension; and means for determining how to modify the information security policy and practice of the organization using the rating for the at least one of the plurality of security items.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 29, 30, 31
27. A computer system for assessing an information security policy and practice of an organization, comprising:
a processor; a memory; an input means; and software instructions stored in the memory for enabling the computer system, under control of the processor, to perform: collecting information about the information security policy and practice of the organization; generating a rating for each of a plurality of information security items using a security maturity assessment matrix and the collected information, wherein the security maturity assessment matrix comprises a first dimension and a second dimension, wherein the first dimension corresponds to the plurality of information security items; wherein the second dimension corresponds to a plurality of maturity levels; wherein at least one of the plurality of maturity levels corresponds to a maturity level associated with a Capability Maturity Model, and wherein each rating is derived using the first dimension and the second dimension; determining how to modify the information security policy and practice of the organization using the rating for the at least one of the plurality of security items.
Dependent claims: 28, 32, 33, 34, 35
Specification