Method of assuring enterprise security standards compliance

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate


Details


active

07657942

ABSTRACT:
A method, apparatus, and computer instructions for providing a current and complete security compliance view of an enterprise system. The present invention provides the ability to gain a real-time security posture and security compliance view of an enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels. Responsive to a change to an enterprise environment, a request, or an external threat, an administrator loads or updates at least one of a Critical Application Operations database, a Historical database, an Access Control database, a Connectivity database, and a Threat database. Based on a comparison of information in the databases against similar security data elements from company or external policies, the administrator may generate a Security Compliance view of the enterprise. A Security Posture view may also be generated by comparing the Security Compliance view against data in the Threat database.

REFERENCES:
patent: 6226372 (2001-05-01), Beebe et al.
patent: 6240512 (2001-05-01), Fang et al.
patent: 6574617 (2003-06-01), Immerman et al.
patent: 6606708 (2003-08-01), Devine et al.
patent: 6971026 (2005-11-01), Fujiyama et al.
patent: 7096502 (2006-08-01), Fox et al.
patent: 7409721 (2008-08-01), Hernacki et al.
patent: 2002/0188861 (2002-12-01), Townsend
patent: 2007/0016955 (2007-01-01), Goldberg et al.
“Information Security Risk Assessment—Practices of Leading Organizations”, GAO, Nov. 1999, Retrieved from the Internet on Sep. 30, 2008: <URL: http://www.gao.gov/special.pubs/ai00033.pdf>.
Stoneburner et al., “Risk Management Guide for Information Technology Systems”, NIST, Jul. 2002, Retrieved from the Internet on Sep. 30, 2008: <URL: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf>.
“CMS Information Security Risk Assessment (RA) Methodology”, CMS, Sep. 2002, Retrieved from the Internet on Sep. 30, 2008: <URL: http://csrc.nist.gov/groups/SMA/fasp/documents/risk_mgmt/RA_meth.pdf>.
Albert et al., “Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework”, Carnegie Mellon Univ., Jun. 1999, Retrieved from the Internet on Sep. 30, 2008: <URL: http://www.sei.cmu.edu/pub/documents/99.reports/pdf/99tr017.pdf>.
Henning, “Security Service Level Agreements: Quantifiable Security for the Enterprise?”, ACM Digital Library, 2000, pp. 54-60.
Medjahed et al., “Business-to-business interactions: issues and enabling technologies”, The VLDB Journal (2003) 12: 59-85 / Digital Object Identifier (DOI) 10.1007/s00778-003-0087-z, pp. 59-70.
