Information security – Policy
Reexamination Certificate
2007-10-30
2007-10-30
Revak, Christopher (Department: 2131)
active
10134815
ABSTRACT:
A method for assessing an information security policy and practice of an organization, including determining a risk associated with the information security policy and practice, collecting information about the information security policy and practice, generating a rating using a security maturity assessment matrix, the collected information, and the risk associated with the information security policy and practice, generating a list of corrective actions using the rating, executing the list of corrective actions to create a new security information policy and practice, and monitoring the new security information policy and practice.
REFERENCES:
patent: 7124145 (2006-10-01), Surasinghe
patent: 2006/0106825 (2006-05-01), Cozzi
patent: 2006/0112060 (2006-05-01), Weigt et al.
patent: 2006/0184995 (2006-08-01), Backes et al.
patent: 2007/0006190 (2007-01-01), Surasinghe
Buren, Andre M, Information Security at Top Level, IFIP congress, 1999.
CERIAS and Andersen Consulting, Policy Framework for Interpreting Risk in eCommerce Security, CERIAS Tech Report 2000-01, no date provided.
COBRA, ISO17799/BS7799 Security Consultant, http://web.archive.org/web/20010420021331/http://www.securitypolicy.co.uk/secconsu.htm, no date provided.
COBRA, COBRA Release 3: The Next Step, http://web.archive.org/web/20010303012331/www.securitypolicy.co.uk/rel3.htm, no date provided.
Allard, JL, System Security Engineering-Capability Maturity Model, ISACA Round Table Oct. 20, 2001, http://www.isaca.be.
“Security Risk Analysis, ISO 17799 (or BS7799), Security Policies and Security Audit Solutions;” copyright 1993-2001, Matrix0 Web Services, 3 pages; http://www.securityauditor.net.
“What is: ISO 17799?”, copyright 2000-2001 Security Risk Associates, 2 pages; http://www.securityauditor.net/iso17799/what.htm.
“COBRA Risk Consultant,” copyright 2001, C&A Security Risk Analysis Group; 2 pages; http://www.security-risk-analysis.com/riskcon.htm.
“COBRA Knowledge Bases,” copyright 2001 C&A Security Risk Analysis Group; 5 pages; http://www.security-risk-analysis.com/cobkbs.htm.
Systems Security Engineering Capability Maturity Model (“SSECMM”); Model & Appraisal Method Summary; Apr. 1999; pp. 1-24; International Systems Security Engineering Association; www.issea.org.
Mark C. Paulk et al.; “Capability Maturity Model for Software, Version 1.1”; Technical Report, CMU/SEI-93-TR-024, ESC, TR-93-177, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA; Feb. 1993; 82 pages.
Baudoin Claude R.
Elliott Colin R.
Osha & Liang LLP
Revak Christopher
Schlumberger Omnes, Inc.
Security maturity assessment method