Data processing: measuring – calibrating – or testing – Measurement system – Statistical measurement
Reexamination Certificate
2006-01-03
2006-01-03
Hoff, Marc S. (Department: 2857)
Data processing: measuring, calibrating, or testing
Measurement system
Statistical measurement
C702S108000, C714S038110
Reexamination Certificate
active
06983221
ABSTRACT:
A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes providing one or more test requirements categories, associating one or more first data elements with each requirements category, associating one or more second data elements with a degree of exposure of the target system to the one or more threats, comparing the first data elements to the second data elements to determine, based on predetermined rules, composite data elements for each requirements category; and selecting, based upon predetermined rules, a level of risk of the composite data elements as a baseline risk level for each requirements category.
REFERENCES:
patent: 5032979 (1991-07-01), Hecht et al.
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5625751 (1997-04-01), Brandwajn et al.
patent: 5684959 (1997-11-01), Bhat et al.
patent: 5699403 (1997-12-01), Ronnen
patent: 5740248 (1998-04-01), Fieres et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5850516 (1998-12-01), Schneier
patent: 5859847 (1999-01-01), Dew et al.
patent: 5870545 (1999-02-01), Davis et al.
patent: 5892900 (1999-04-01), Ginter et al.
patent: 5892903 (1999-04-01), Klaus
patent: 5931946 (1999-08-01), Terada et al.
patent: 6006328 (1999-12-01), Drake
patent: 6134664 (2000-10-01), Walker
patent: 6148401 (2000-11-01), Devanbu et al.
patent: 6151599 (2000-11-01), Shrader et al.
patent: 6185689 (2001-02-01), Todd, Sr. et al.
patent: 6205407 (2001-03-01), Testa et al.
patent: 6219626 (2001-04-01), Steinmetz et al.
patent: 6219628 (2001-04-01), Kodosky et al.
patent: 6219805 (2001-04-01), Jones et al.
patent: 6230105 (2001-05-01), Harris et al.
patent: 6256773 (2001-07-01), Bowman-Amuah
patent: 6282546 (2001-08-01), Gleichauf et al.
patent: 6298445 (2001-10-01), Shostack et al.
patent: 6317868 (2001-11-01), Grimm et al.
patent: 6324647 (2001-11-01), Bowman-Amuah
patent: 6370573 (2002-04-01), Bowman-Amuah
patent: 6389402 (2002-05-01), Ginter et al.
patent: 6401073 (2002-06-01), Tokuda et al.
patent: 6405364 (2002-06-01), Bowman-Amuah
patent: 6408391 (2002-06-01), Huff et al.
patent: 6473794 (2002-10-01), Guheen et al.
patent: 6546493 (2003-04-01), Magdych et al.
patent: 2001/0027389 (2001-10-01), Beverina et al.
patent: 2001/0034847 (2001-10-01), Gaul
patent: 2002/0042687 (2002-04-01), Tracy et al.
patent: 2002/0069035 (2002-06-01), Tracy et al.
patent: 2002/0104014 (2002-08-01), Zobel et al.
patent: 2002/0198750 (2002-12-01), Innes et al.
patent: 2002/0199122 (2002-12-01), Davis et al.
patent: 2003/0046128 (2003-03-01), Heinrich
patent: 2003/0064717 (2003-04-01), Rajaram
patent: 2003/0065793 (2003-04-01), Kouznetsov et al.
patent: 2003/0159063 (2003-08-01), Apfelbaum et al.
patent: 2003/0163728 (2003-08-01), Shaw
patent: 2003/0172166 (2003-09-01), Judge et al.
patent: 2004/0010709 (2004-01-01), Baudoin et al.
patent: 2004/0025015 (2004-02-01), Satterlee et al.
patent: 2004/0049698 (2004-03-01), Ott et al.
patent: 0999489 (2000-05-01), None
patent: WO 00/70463 (2000-11-01), None
patent: WO 01/37511 (2001-05-01), None
patent: WO 01/59989 (2001-08-01), None
patent: WO 01/99349 (2001-12-01), None
patent: WO 02/061544 (2002-08-01), None
Baskerville, Richard. Dec. 1993. “Information Systems Security Design Methods: Implications for Information Systems Development.” ACM Computing Surveys, vol. 25, No. 4, pp. 375-414.
Oct. 24, 2002. International Search Report from PCT Application No. PCT/US02/09842.
Apr. 11, 2003. International Preliminary Examination Report from PCT Application No. PCT/US02/09842.
Dec. 26, 1985. “Department of Defense Trusted Computer System Evaluation Criteria.” DoD 5200.28-STD.
Jul. 31, 2000. “Department of Defense Information Technology Security Ceritfication and Accreditation Process (DITSCAP): Application Manual.” DoD 8510.1-M.
Jan. 23, 2003. International Search Report from PCT/US02/28179 (note that all references were cited previously in an IDS submission filed on May 9, 2003).
Apr. 11, 2003. International Preliminary Examination Report from PCT/US00/09842 (note that all references were cited previosly in an IDS submission filed on Nov. 27, 2002).
Dennis Szerszen, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—Extending your business to the Web requires a firm understanding of directories, what they offer and the challenges you'll face in deploying them,” Apr. 2000, Part 1, from http://infosecuritymag.techtarget.com/articles/april00/features4.shtml.
“DOD Information Technology Security Certification and Accreditation Process (DITSCAP),” Lesson 11, Aug. 29, 2000, from http://atzhssweb.gordon.army.mil/otd/c2protect/isso/itern17.html, pp. 1-25.
The Mitre Corporation, “Key to Information Sharing—Common Vulnerabilities & Exposures,” Aug. 17, 2000, from http://www.cve.mitre.org/about/introduction.html.
Al Berg, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—On the surface, all vulnerability assessment scanners perform essentially the same way. Here's how to decide which one-if any-is right for your requirements.” Part 2, “Audits, Assessments & Tests (Oh, My), ” from http://www.infosecuritymag.com/aug2000/securestrategies.htm, pp. 1-5.
Dan Swanson, “Secure Strategies—A Year-Long Series on the Fundamentals of Information Systems Security—Avoiding IS Icebergs,” Part 4, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/oct2000/icebergs.htm, pp. 1-4.
George Kurtz and Chris Prosise, “Secure Strategies—Penetration Testing Exposed,” Part 3, “Audits, Assessments & Tests (Oh, My),” from http://www.infosecuritymag.com/sep200/securestrategies.htm, pp. 1-5.
Tracey, et al., U.S. Appl. No. 10/304,824, filed on Nov. 27, 2002, entitled “Enhanced System, Method and Medium for Certifying and Accrediting Requirements Compliance Utilizing Threat Vulnerability Feed.”
Tracey, et al., U.S. Appl. No. 10/304,826, filed on Nov. 27, 2002, entiled “Enhanced System, Method and Medium for Certifying and Accrediting Requirements Compliance Utilizing Continuous Risk Assessment.”
“TruSecure Adopts Santum Inc.'s Web Application Security Audit Solution; Sanctum's Powerful Web Application Security Audit Software Complements TruSecure's Security Program. (Abstract)”Business Wire, p. 0121 (Dec. 18, 2000).
DoD Information Technology Security Certificate and Accreditation Process (DITSCAP) Journal Announcement USGRDR 0109 (Abstract) (Mar. 1999).
“ActiveSentry™ 3.0 (Security You Can See)”Intranode Software Technologies; pp. 1-19 (Mar. 2002).
Briney, Andrew, “Automating Policies.” www.infosecuritymag.com; (Oct. 2002).
Levine, Diane E.; “CyberCop Patrols on Linux.”InformationWeek; (May 24, 1999).
Hulme, George V.; “Herculean Help For Patching.” Information Week.com (Mar. 18, 2002).
Hulme, George V.; “Hercules' Strength is Security Automation.” Information Week.com (Mar. 14, 2002).
Sidel, Scott et al.; “Patching Across the Enterprise” www.infosecuritymag.com; (Feb. 2002).
Hulme, George V.; “Sanctum Adds Audit-Automation Tools to Security.” InformationWeek.com; (Sep. 21, 2001).
Korzeniowski, Paul; “Audit and Assesment—Ironclad Security.” www.infosecuritymag.com; (Aug. 2000).
Greenemaier, Larry; “Certified Secure” InformationWeek.com; (Nov. 4, 2002).
Hulme, George V.; “Discover Security Threats Faster.” InformationWeek.com; (Nov. 11, 2002).
Langa, Fred; “Good and Bad Online Security Check-Ups” InformationWeek.com; (Jun. 11, 2001).
Musich, Paula; “Loudcloud Automates Patch Management,”Eweek; (May 28, 2002).
“Microsoft Gets Security Approval”Federal Computer Week; (Nov. 11, 2002).
Karygiannis, T.; “Network security testing us
Barrett Hugh
Catlin Gary M.
Tracy Richard P.
Barbee Manuel L
Hoff Marc S.
Telos Corporation
LandOfFree
Enhanced system, method and medium for certifying and... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Enhanced system, method and medium for certifying and..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Enhanced system, method and medium for certifying and... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3557943