Method, system and computer program product for assessing...

Data processing: financial – business practice – management – or co – Automated electrical financial or business practice or... – Discount or incentive

Reexamination Certificate


Details

C705S007380, C705S001100

Reexamination Certificate

active

06925443

ABSTRACT:
A method, system and computer program product for assessing information security interviews users regarding technical and non-technical issues. In an embodiment, users are interviewed based on areas of expertise. In an embodiment, information security assessments are performed on domains within an enterprise, the results of which are rolled-up to perform an information security assessment across the enterprise. The invention optionally includes application specific questions and vulnerabilities and/or industry specific questions and vulnerabilities. The invention optionally permits users to query a repository of expert knowledge. The invention optionally provides users with working aids. The invention optionally permits users to execute third party testing/diagnostic applications. The invention optionally combines results of executed third party testing/diagnostic applications with user responses to interview questions, to assess information security. A system in accordance with the invention includes an inference engine, which may include a logic based inference engine, a knowledge based inference engine, and/or an artificial intelligence inference engine. In an embodiment, the invention includes an application specific tailoring tool that allows a user to tailor the system to assess security of information handled by a third party application program.

REFERENCES:
patent: 5485409 (1996-01-01), Gupta et al.
patent: 5701400 (1997-12-01), Amado
patent: 5784539 (1998-07-01), Lenz
patent: 5850516 (1998-12-01), Schneier
patent: 5892903 (1999-04-01), Klaus
patent: 5978784 (1999-11-01), Fagg, III et al.
patent: 5991743 (1999-11-01), Irving et al.
patent: 6021404 (2000-02-01), Moukheibir
patent: 6064972 (2000-05-01), Jankowitz et al.
patent: 6076166 (2000-06-01), Moshfeghi et al.
patent: 6088801 (2000-07-01), Grecsek
patent: 6092060 (2000-07-01), Guinta et al.
patent: 6098047 (2000-08-01), Oku et al.
patent: 6112190 (2000-08-01), Fletcher et al.
patent: 6151581 (2000-11-01), Kraftson et al.
patent: 6151584 (2000-11-01), Papierniak et al.
patent: 6158010 (2000-12-01), Moriconi et al.
patent: 6161101 (2000-12-01), Guinta et al.
patent: 6237786 (2001-05-01), Ginter et al.
patent: 6298445 (2001-10-01), Shostack et al.
Intelligence Resource Program. “Pilot Information Security Assurance Site Is Online.” Sep. 1997. [online] http://www.fas.org/irp/news/1997/index.html.
Cortez, Edwin M. and Kazlauskas, Edward J. “Information Policy Audit: A Case Study of an Organizational Analysis Tool.” Spring, 1996; [DIALOG].
COBRA™ Consultant Products for Windows: An Easy To Use Guide and Evaluation Aid, 4 pages.
Symantec Expert™ 4.1, 2000, Symantec Corporation, http://www.symantec.com/networksecurity/expert, 1 page.
KANE Security Analyst™, “Network Security Assessment Tool,” 2000, HALLoGRAM Publishing, 2 pages.
“How Effective is Your Information Security Program?” http://www.gocsi.com, 1 page.
Final Recommendations, http://www.hackzone.ru/nsp/info/misc/handbook/262-264.html, last visited Feb. 2, 2000, 2 pages.
“What SATAN is,” http://www.cs.ruu.nl/cert-uu/satan.html, last visited Jul. 25, 2000, 3 pages.
“Release of SANTA/SATAN Tool and SGI Specifics,” http://www.fish.com/~zen/satan/advisories/sqi.html, Apr. 5, 1995, 8 pages.
“Infosecurity: A View From the Frontlines,” http://www.infosecuritymaq.com/feb99/rndtable.htm, last visited Jul. 21, 2000, 4 pages.
Van Dyke Gary “Expect Thunderstorms: Total Security is impractical, but partial Security is Unacceptable. So How Do You Strike A Balance?” Word In Edgewise, Sep. 1998, http://www.infosecuritymaq.com/sept/edgewise.htm, 2 pages.
“A Guide for Drafting Comprehensive and Effective Computer Policies,” 1998-2000, Rehman Technology Services, Inc., 3 pages.
Charles Cresson Wood, “Information Security Policies Made Easy: Version 7,” Jun. 2000, Baseline Software, Inc., 18 pages.
Schaub James L. et al., “The Ultimate Computer Security Survey,” Butterworth-Heinemann, 1995, 12 pages.
Winn Schwartau, “A Modest Proposal: Many Organizations have Turned to Computer Forensics to Catch the Bad Guys. May I Suggest Something a Little More Radical?” http://www.infosecuritymaq.com/apr99/cover.htm, last visited Jul. 21, 2000, pp. 5 and 6 of 6.
Assessment & Audit, Information Security, vol. 3, No. 12, Dec. 2000, pp. 78-82.
Spinellis D. et al., “Security Requirements, Risks and Recommendations for Small Enterprise and Home-Office Environments,” Information Management & Computer Security, MCB University Press, 1999, pp. 121-128.
Shipley Greg, “Security Services-Request for Proposal,” Network Computing, CMP Media, Inc., Apr. 1, 1998, pp. 52-72.
Gill Shammi, “Auditors Present Different Strengths,” eWeek, Feb. 26, 2001, p. 27 (2).
Paul Brooke, “Risk-Assessment Strategies,” Network Computing, CMP Media, Inc., 2000, pp. 121, 122, 126, 128, 130.
Vass Lisa, “Security Checkup: One Bank's Experience at Having Its e-biz Links Poked, Prodded, Scanned,” eWeek, Aug. 14, 2000, pp. 49-50, 55.
Waltz Mitzi, “Making Security Fun,” Network World, vol. 15, No. 19, May 11, 1998, p. 56.
Phillips Ken, “KSA 4.0 Kos Intruders: NetWareSecurity Analysis Tool Spots, Prioritizes Breaches; Offers Tips on Improving Protection,” p. 81, 88.
Robinson Teri, “Security Overkill?” Communications Week, CMP Publications, Inc., vol. 584, Nov. 13, 1995, pp. 63, 67, 71.
Machlis Sharon, “Employee Participation Key to Successful Security,” Computer World, Jul. 28, 1997, pp. 45, 47.
“Risk Management Research Laboratory Overview,” 1998, TOTSE, 18 pages.
I.D. Intrusion Detection, “Kane Security Analyst,” 1997, System Options Limited, 2 pages.
COBRA Risk Consultant, “The New Era in Security Risk Management,” 1999, C & A Systems Security Ltd., 10 pages.
RiskWatch© v8.1 for Information Systems, 1999, RiskWatch, 2 pages.
L-3 Network Security Expert™ 4.1 Comprehensive Network Risk and Business Impact Analysis Evaluation Guide, 1999, L-3 Communications Network Security Systems, LLC, 19 pages.
Product Review: The International Journal of Computer Security, “L-3 Network Security Expert™ 4.1,” 1999, West Coast Publishing, Ltd., http://www.scmaqazine.com/scmaqazine/standalone/13/NetSecEx/sc_expert.html, last visited Jun. 18, 2001, 4 pages.


Profile ID: LFUS-PAI-O-3512226
