Control automation tool
Abstract
A control automation tool (“CAT”) is configured for supporting discrete management of controls and their corresponding metrics. The control automation tool includes a software application connected with, stored on, and executed by one or more relational, closed-loop data repositories and computer systems. The use and maturation of a control within an organization depends on management of operational performance and expenses, which the CAT assists through lean project management, effective implementation of action plans and financial functions. Further, people resources, organizational hierarchy and access management functions are used to support mapping of controls arranged by organizational unit and support access permissions that are consistent with appropriate data management. The CAT also provides transparency and meaning to control and metric status and relevant data regarding controls and their associated metrics and is configured for ease of control and metric management via the CAT interface.
141 Citations
42 Claims
1. A control automation method for assisting an organization comprising one or more users with managing one or more controls for mitigating one or more risks or threats and managing one or more metrics corresponding to the one or more controls, the one or more metrics for providing quantitative and repeatable processes for use in determining an effectiveness of the one or more controls, the control automation method comprising:
using a computer processor to execute computer program code instructions stored in a non-transitory computer-readable medium, wherein the computer program code instructions are structured to cause the computer processor to:
receive, from the user, and store one or more control profiles each comprising a plurality of parameters defining the one or more controls, wherein at least one of said plurality of parameters is selected from a group consisting of correlated control information, correlated metric information, security level information, effectiveness calculation algorithm information, effectiveness calculation results information, and effectiveness calculation criteria information;
receive, from the user, and store one or more metric profiles each comprising a plurality of parameters defining the one or more metrics, wherein at least one of said plurality of parameters is selected from a group consisting of a unit of measure, a frequency of reporting, a type of metric, a relevance of the metric to one or more controls, and a threshold level for evaluating progress toward a goal of the metric;
receive user input choosing one or more of the metrics for association with the one or more controls;
map the metrics chosen by the user to the one or more controls, such that the metrics chosen by the user become associated with the one or more controls and can provide quantitative and repeatable process data for use in determining the effectiveness of the one or more controls;
receive and store one or more metric values corresponding to the one or more metrics; and
provide information corresponding to the one or more metric values to the user for assisting the user in determining the effectiveness of the one or more controls.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A computer program product configured for assisting an organization comprising one or more users with managing one or more controls for mitigating one or more risks or threats and managing one or more metrics corresponding to the one or more controls, the one or more metrics for providing quantitative and repeatable processes for use in determining an effectiveness of the one or more controls, the computer program product comprising a non-transitory computer-readable medium, the non-transitory computer-readable medium having computer-readable instructions stored therein, the instructions comprising:
instructions for receiving, from the user, and storing one or more control profiles each comprising a plurality of parameters defining the one or more controls, wherein at least one of said plurality of parameters is selected from a group consisting of correlated control information, correlated metric information, security level information, effectiveness calculation algorithm information, effectiveness calculation results information, and effectiveness calculation algorithm information, effectiveness calculation results information, or effectiveness calculation criteria information;
instructions for receiving, from the user, and storing one or more metric profiles each comprising a plurality of parameters defining the one or more metrics, wherein at least one of said plurality of parameters is selected from a group consisting of a unit of measure, a frequency of reporting, a type of metric, a relevance of the metric to one or more controls, and a threshold level for evaluating progress toward a goal of the metric;
instructions for receiving user input choosing one or more of the metrics for association with the one or more controls;
instructions for mapping the metrics chosen by the user to the one or more controls, such that the metrics chosen by the user become associated with the one or more controls and can provide quantitative and repeatable process data for use in determining the effectiveness of the one or more controls;
instructions for receiving and storing one or more metric values corresponding to the one or more metrics; and
instructions for providing information corresponding to the one or more metric values to the user for assisting the user in determining the effectiveness of the one or more controls.
View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
27. A control automation system configured for assisting an organization comprising one or more users with managing one or more controls for mitigating one or more risks or threats and managing one or more metrics corresponding to the one or more controls, the one or more metrics for providing quantitative and repeatable processes for use in determining an effectiveness of the one or more controls, the control automation system comprising:
a workstation module configured for providing access to the control automation system for the one or more users and providing an interface enabling the one or more users to interact with the control automation system;
a control management module configured for communicating with the workstation module;
a metric repository configured for communicating with the control management module and configured for receiving, from the user, and storing one or more metric profiles each comprising a plurality of parameters defining the one or more metrics, wherein at least one of said plurality of parameters is selected from a group consisting of a unit of measure, a frequency of reporting, a type of metric, a relevance of the metric to one or more controls, and a threshold level for evaluating progress toward a goal of the metric;
a control repository configured for communicating with the control management module, the control repository comprising:
a control profile and process module configured for:
receiving user input regarding one or more control profiles each comprising a plurality of parameters defining the one or more controls from the workstation module by way of the control management module, wherein at least one of said plurality of parameters is selected from a group consisting of correlated control information, correlated metric information, security level information, effectiveness calculation algorithm information, effectiveness calculation results information, and effectiveness calculation algorithm information;
receiving user input choosing one or more of the metrics from the workstation module by way of the control management module, the user choosing one or more of the metrics for association with the one or more controls;
mapping the metrics chosen by the user to the one or more controls, such that the metrics chosen by the user become associated with the one or more controls and can provide quantitative and repeatable process data for use in determining the effectiveness of the one or more controls;
receiving user input regarding one or more metric values corresponding to the one or more metrics from the workstation module by way of the control management module; and
communicating information corresponding to the one or more metric values to the user by way of the control management module and the workstation module, the information for assisting the user in determining the effectiveness of the one or more controls.
View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
39. An apparatus for assisting an organization comprising one or more users with managing one or more controls for mitigating one or more risks or threats and managing one or more metrics corresponding to the one or more controls, the one or more metrics for providing quantitative and repeatable processes for use in determining an effectiveness of the one or more controls, the apparatus comprising:
means for receiving, from the user, and storing one or more control profiles each comprising a plurality of parameters defining the one or more controls, wherein at least one of said plurality of parameters is selected from a group consisting of correlated control information, correlated metric information, security level information, effectiveness calculation algorithm information, effectiveness calculation results information, and effectiveness calculation algorithm information;
means for receiving, from the user, and storing one or more metric profiles each comprising a plurality of parameters defining the one or more metrics, wherein at least one of said plurality of parameters is selected from a group consisting of a unit of measure, a frequency of reporting, a type of metric, a relevance of the metric to one or more controls, and a threshold level for evaluating progress toward a goal of the metric;
means for receiving user input choosing one or more of the metrics for association with the one or more controls;
means for mapping the metrics chosen by the user to the one or more controls, such that the metrics chosen by the user become associated with the one or more controls and can provide quantitative and repeatable process data for use in determining the effectiveness of the one or more controls;
means for receiving and storing one or more metric values corresponding to the one or more metrics; and
means for providing information corresponding to the one or more metric values to the user for assisting the user in determining the effectiveness of the one or more controls.
View Dependent Claims (40, 41, 42)
Specification