Data processing: measuring – calibrating – or testing – Measurement system – Statistical measurement
Reexamination Certificate
2005-12-27
2005-12-27
Hoff, Marc S. (Department: 2857)
Data processing: measuring, calibrating, or testing
Measurement system
Statistical measurement
C713S152000
Reexamination Certificate
active
06980927
ABSTRACT:
A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes electronically scanning, on a predetermined basis, hardware and/or software characteristics of components within a target system to obtain and store target system configuration information, receiving and storing target system operational environment information, using information collected in the scanning and receiving steps to select one or more security requirements in accordance with the at least one predefined standard, regulation and/or requirement, selecting one or more test procedures used to determine target system compliance with the security requirements, and producing a risk assessment of the target system.
REFERENCES:
patent: 5032979 (1991-07-01), Hecht et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5625751 (1997-04-01), Brandwajn et al.
patent: 5684959 (1997-11-01), Bhat et al.
patent: 5699403 (1997-12-01), Ronnen
patent: 5740248 (1998-04-01), Fieres et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5850516 (1998-12-01), Schneier
patent: 5859847 (1999-01-01), Dew et al.
patent: 5870545 (1999-02-01), Davis et al.
patent: 5892900 (1999-04-01), Ginter et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5931946 (1999-08-01), Terada et al.
patent: 6006328 (1999-12-01), Drake
patent: 6134664 (2000-10-01), Walker
patent: 6148401 (2000-11-01), Devanbu et al.
patent: 6151599 (2000-11-01), Shrader et al.
patent: 6185689 (2001-02-01), Todd, Sr. et al.
patent: 6205407 (2001-03-01), Testa et al.
patent: 6219626 (2001-04-01), Steinmetz et al.
patent: 6219628 (2001-04-01), Kodosky et al.
patent: 6219805 (2001-04-01), Jones et al.
patent: 6230105 (2001-05-01), Harris et al.
patent: 6256773 (2001-07-01), Bowman-Amuah
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6298445 (2001-10-01), Shostack et al.
patent: 6317868 (2001-11-01), Grimm et al.
patent: 6324647 (2001-11-01), Bowman-Amuah
patent: 6370573 (2002-04-01), Bowman-Amuah
patent: 6389402 (2002-05-01), Ginter et al.
patent: 6401073 (2002-06-01), Tokuda et al.
patent: 6405364 (2002-06-01), Bowman-Amuah
patent: 6408391 (2002-06-01), Huff et al.
patent: 6473794 (2002-10-01), Guheen et al.
patent: 6546493 (2003-04-01), Magdych et al.
patent: 2001/0027389 (2001-10-01), Beverina et al.
patent: 2001/0034847 (2001-10-01), Gaul
patent: 2002/0042687 (2002-04-01), Tracy et al.
patent: 2002/0069035 (2002-06-01), Tracy et al.
patent: 2002/0104014 (2002-08-01), Zobel et al.
patent: 2002/0198750 (2002-12-01), Innes et al.
patent: 2002/0199122 (2002-12-01), Davis et al.
patent: 2003/0046128 (2003-03-01), Heinrich
patent: 2003/0064717 (2003-04-01), Rajaram
patent: 2003/0065793 (2003-04-01), Kouznetsov et al.
patent: 2003/0159063 (2003-08-01), Apfelbaum et al.
patent: 2003/0163728 (2003-08-01), Shaw
patent: 2003/0172166 (2003-09-01), Judge et al.
patent: 2004/0010709 (2004-01-01), Baudoin et al.
patent: 2004/0025015 (2004-02-01), Satterlee et al.
patent: 2004/0049698 (2004-03-01), Ott et al.
patent: 0999489 (2000-05-01), None
patent: WO 00/70463 (2000-11-01), None
patent: WO 01/37511 (2001-05-01), None
patent: WO 01/59989 (2001-08-01), None
patent: WO 01/99349 (2001-12-01), None
patent: WO 02/061544 (2002-08-01), None
Baskerville, Richard. Dec. 4, 1993. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys, vol. 25, No. 4, pp. 375-414.
Oct. 24, 2002. International Search Report from PCT Application No. PCT/US02/09842.
Apr. 11, 2003. International Preliminary Examination Report from PCT Application No. PCT/US02/09842.
Dec. 26, 1985. “Department of Defense Trusted Computer System Evaluation Criteria.” DoD 5200.28-STD.
Jul. 31, 2000. “Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP): Application Manual.” DoD 8510.1-M.
Jan. 23, 2003. International Search Report from PCT/US02/28179 (note that all references were cited previously in an IDS submission filed on May 9, 2003).
Apr. 11, 2003. International Preliminary Examination Report from PCT/US00/09842 (note that all references were cited previously in an IDS submission filed on Nov. 27, 2002).
Dennis Szerszen, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—Extending your business to the Web requires a firm understanding of directories, what they offer and the challenges you'll face in deploying them,” Apr. 2000, Part I, from http://infosecuritymag.techtarget.com/articles/april00/features4.shtml.
“DOD Information Technology Security Certification and Accreditation Process (DITSCAP),” Lesson 11, Aug. 29, 2000, from http://atzhssweb.gordon.army.mil/otd/c2protect/isso/item17.html, pp. 1-25.
The Mitre Corporation, “The Key to Information Sharing—Common Vulnerabilities & Exposures,” Aug. 17, 2000, from http://www.cve.mitre.org/about/introduction.html.
Al Berg, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—On the surface, all vulnerability assessment scanners perform essentially the same way. Here's how to decide which one-if-any-is right for your requirements,” Part 2, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/aug2000/securestrategies.htm, pp. 1-5.
Dan Swanson, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—Avoiding IS Icebergs,” Part 4, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/oct2000/icebergs.htm, pp. 1-4.
George Kurtz and Chris Prosise, “Secure Strategies—Penetration Testing Exposed,” Part 3, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/sep2000/securestrategies.htm, pp. 1-5.
Tracy, et al., U.S. Appl. No. 10/304,824, filed on Nov. 27, 2002, entitled “Enhanced System, Method and Medium for Certifying and Accrediting Requirements Compliance Utilizing Threat Vulnerability Feed”.
Tracy, et al., U.S. Appl. No. 10/304,825, filed on Nov. 27, 2002, entitled “Enhanced System, Method and Medium for Certifying and Accrediting Requirements Compliance Utilizing Robust Risk Assessment Model”.
Levine, Diane E.; “CyberCop Patrols on Linux.”InformationWeek;(May 24, 1999).
Karygiannis, T.; “Network security testing using mobile agents. (Abstract)”Proceedings of the Third International Conference on the Practical Application of Intelligent Agents and a Multi-Agent Technology,pp. 625-626; (Mar. 1998).
Dyck, Timothy; “App Scanning Helps Secure Weak Spots.”EWEEK(May 20, 2002).
Mendelson, Edward; “The Danger Within.”PC Magazine(Dec. 5, 2000).
“TruSecure Adopts Sanctum Inc.'s Web Application Security Audit Solution; Sanctum's Powerful Web Application Security Audit Software Complements TruSecure's Security Program. (Abstract)”Business Wire,p. 0121 (Dec. 18, 2000).
“BMC Software Automates Security Management for E-businesses; Provides Customers with Automated Access Management and E-business Information Security. (Abstract) ”Business Wire,p. 084 (Nov. 8, 2000).
“Best Practices and Beyond. (Industry Speaks). (Abstract)”Government Computer Newsv21, n21, p.S14(6) (Jul. 29, 2002).
Casella K.A. et al., “Security administration in an open networking environment. (Abstract)”Proceedings of the Ninth Systems Administration Conference,p. 67-73 (1995).
Hochberg, Judith, “NADIR: An automated system for detecting network intrusion and misuse. (Abstract)”Computers&Securityv12, n3, p. 235-248 (May 3, 1993).
DoD Information Technology Security Certificate and Accreditation Process (DITSCAP) Journal Announcement USGRDR 0109 (Abstract) (Mar. 1999).
“ActiveSentry™ 3.0 (Security You Can See)”Intranode Software Technologies;p. 1-19 (Mar. 2002).
Bri
Barrett Hugh
Catlin Gary M.
Tracy Richard P.
Charioui Mohamed
Hoff Marc S.
Telos Corporation
LandOfFree
Enhanced system, method and medium for certifying and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Enhanced system, method and medium for certifying and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Enhanced system, method and medium for certifying and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3523105