Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2005-05-18
2010-06-22
Revak, Christopher A (Department: 2431)
C709S224000
active
07743421
ABSTRACT:
Communication network security risk exposure management systems and methods are disclosed. Risks to a communication network are determined by analyzing assets of the communication network and vulnerabilities affecting the assets. Assets may include physical assets such as equipment or logical assets such as software or data. Risk analysis may be adapted to assess risks to a particular feature of a communication network by analyzing assets of the communication network which are associated with that feature and one or more of vulnerabilities which affect the feature and vulnerabilities which affect the assets associated with the feature. A feature may be an asset itself or a function or service offered in the network and supported by particular assets, for example.
Cosquer Francois J. N.
D'Souza Scott David
Leclerc Yvon
MacIntosh Robert W.
Marquet Bertrand
Alcatel Lucent
Eckert Seamans Cherin & Mellott , LLC
Houser, Esq. Kirk D.
Revak Christopher A