Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment
Reexamination Certificate
2005-01-11
2010-02-02
Dinh, Minh (Department: 2432)
active
07657942
ABSTRACT:
A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.
REFERENCES:
patent: 6226372 (2001-05-01), Beebe et al.
patent: 6240512 (2001-05-01), Fang et al.
patent: 6574617 (2003-06-01), Immerman et al.
patent: 6606708 (2003-08-01), Devine et al.
patent: 6971026 (2005-11-01), Fujiyama et al.
patent: 7096502 (2006-08-01), Fox et al.
patent: 7409721 (2008-08-01), Hernacki et al.
patent: 2002/0188861 (2002-12-01), Townsend
patent: 2007/0016955 (2007-01-01), Goldberg et al.
“Information Security Risk Assessment—Practices of Leading Organizations”, GAO, Nov. 1999, Retrieved from the Internet on Sep. 30, 2008: <URL: http://www.gao.gov/special.pubs/ai00033.pdf>.
Stoneburner et al., “Risk Management Guide for Information Technology Systems”, NIST, Jul. 2002, Retrieved from the Internet on Sep. 30, 2008: <URL: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf>.
“CMS Information Security Risk Assessment (RA) Methodology”, CMS, Sep. 2002, Retrieved from the Internet on Sep. 30, 2008: <URL: http://csrc.nist.gov/groups/SMA/fasp/documents/risk_mgmt/RA_meth.pdf>.
Albert et al., “Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework”, Carnegie Mellon Univ., Jun. 1999, Retrieved from the Internet on Sep. 30, 2008: <URL: http://www.sei.cmu.edu/pub/documents/99.reports/pdf/99tr017.pdf>.
Henning, “Security Service Level Agreements: Quantifiable Security for the Enterprise?”, ACM Digital Library, 2000, pp. 54-60.
Medjahed et al., “Business-to-business interactions: issues and enabling technologies”, The VLDB Journal (2003) 12: 59-85 / Digital Object Identifier (DOI) 10.1007/s00778-003-0087-z, pp. 59-70.
Himberger Kevin David
Jeffries Clark Debs
Lingafelt Charles Steven
Roginsky Allen Leonid
Singleton Phillip
Dinh Minh
International Business Machines - Corporation
Samodovitz Arthur J.
Yee & Associates P.C.
Method of assuring enterprise security standards compliance