Data processing: financial – business practice – management – or co – Automated electrical financial or business practice or... – Operations research or analysis
Reexamination Certificate
2005-05-17
2005-05-17
Hafiz, Tariq R. (Department: 3623)
Data processing: financial, business practice, management, or co
Automated electrical financial or business practice or...
Operations research or analysis
C705S001100
Reexamination Certificate
active
06895383
ABSTRACT:
A computer-implemented method and system for assessing the overall risk in at least part of an information technology system includes inputting into a risk assessment database a plurality of identified risks in a system; associating the risks to at least one severity band in a risk echelon; assigning a value to each risk; multiplying each risk value by a coefficient factor; and summing the factored risk values to determine the overall risk. The method preferably includes modifying the security implementation of the information technology system and determining the modified overall risk. The system preferably includes an automated vulnerability detection scanner to gather risk information, which is stored on a database and used in calculating the overall risk.
REFERENCES:
patent: 5311593 (1994-05-01), Carmi
patent: 5679940 (1997-10-01), Templeton et al.
patent: 5734697 (1998-03-01), Jabbarnezhad
patent: 5892903 (1999-04-01), Klaus
patent: 5930762 (1999-07-01), Masch
patent: 5991743 (1999-11-01), Irving et al.
patent: 6006016 (1999-12-01), Faigon et al.
patent: 6125453 (2000-09-01), Wyss
patent: 6223143 (2001-04-01), Weinstock et al.
patent: 6298445 (2001-10-01), Shostack et al.
patent: 6301668 (2001-10-01), Gleichauf et al.
patent: 6397202 (2002-05-01), Higgins et al.
patent: 6535227 (2003-03-01), Fox et al.
patent: 20020147803 (2002-10-01), Dodd et al.
patent: 999489 (2000-05-01), None
Haimes, Yacov. Risk Modeling, Assessment, and Management, 1998 [EIC].*
Rosenberg et al. “Continuous Risk Management at NASA,” (Retrieved from Internet on Nov. 6, 2002), Feb. 1999.*
Longstaff et al. “Are We Forgetting the Risks of Information Technology?” (Retrieved from Internet on Nov. 6, 2002), Dec. 2000.*
Gerosa, S. et al. “Methods and Applications of Risk Management in Space Programs,” (Retrieved from Internet on Nov. 6, 2002), Oct. 1999.*
Straub, Detmar W. et al. “Coping with systems risk: Security planning models for management decision making,” MIS Quarterly, Dec. 1998.*
Lansdowne, Zachary F. “Risk Matrix: An Approach for Prioritizing Risks and Tracking Risk Mitigation Progess,” Oct. 1999.*
Rosenberg, Linda H. “Software Metrics Program for Risk Assessment,” Oct. 1996.*
Akomode, O. Joseph et al. “Constructing customized models and providing information to support IT outsourcing decisions,” Logistics Information Management, 1998.*
Eloff, JHP et al. “A comparative framework for risk analysis methods,” Computers & Security, Oct. 1993.*
International Search Report, date of publication, Nov. 21, 2002, in International Publication No. WO 02/062049 A3.
Financial Institution Letters, “FDIC: Risk Assessment Tools and Practices for Information System Security,” pp. 1-10, Jul. 1999.
Technical Paper, “Internet Scanner™ Technical Overview,” Internet Security Systems, pp. 1-14, Dec. 2000.
Technical Paper, “Network and Host-based Vulnerability Assessment: A guide for information systems and network security professionals,” Internet Security Systems, pp. 1-9.
Accenture SAS
Brinks Hofer Gilson & Lione
Colón Catherine M
Hafiz Tariq R.
LandOfFree
Overall risk in a system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Overall risk in a system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Overall risk in a system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3448326