Patent application number | Description | Published |
20080270198 | Systems and Methods for Providing Remediation Recommendations - In one embodiment, a system and method pertain to receiving audit exceptions indicative of instances of noncompliance of an information system under evaluation relative to a policy or standard, identifying remediation recommendations that are relevant to the audit exceptions and that indicate how to correct conditions that caused the noncompliance, and providing the remediation recommendations to an entity responsible for correcting the conditions so as to provide information as to how the information system can be brought into compliance with the policy or standard. | 10-30-2008 |
20110252479 | METHOD FOR ANALYZING RISK - A method for analyzing risk to a system, the method being carried out by a computer having a processor and system memory, includes the steps of inputting data representing multiple threat objectives that comprise the risk, calculating a residual risk for each threat objective in view of a plurality of control mechanisms, and generating output representing an overall residual risk to the system that is a combination of the residual risks. | 10-13-2011 |
20120110669 | METHOD AND SYSTEM FOR ANALYZING AN ENVIRONMENT - A system for analyzing an environment to identify a security risk, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters. | 05-03-2012 |
20120110670 | SYSTEM AND METHOD FOR ANALYZING A PROCESS - A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying the security risk using the multiple instances. | 05-03-2012 |
20120110671 | METHOD AND SYSTEM FOR ANALYZING AN ENVIRONMENT - A system for analyzing an environment to identify a security risk in a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a patching process for the environment, a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying a security risk in the patching process using the multiple instances. | 05-03-2012 |
20120179501 | DECISION SUPPORT - Information relating to an entity's objectives is received, a utility function based on the received objectives is derived, the utility function is compared with results from a number of simulated investment options, and the comparisons are presented to a user associated with the entity. | 07-12-2012 |
20130055394 | NETWORK SECURITY RISK ASSESSMENT - A security risk of a computer network is assessed by simulating a threat environment of the computer network, wherein the threat environment includes a vulnerability and a website, simulating a protection environment of the computer network and a computer system in the computer network, and simulating network activity of the computer system. The security risk of the computer network is assessed based at least in part on the simulated threat environment, the simulated protection environment, and the simulated network activity of the computer system. | 02-28-2013 |
20140337971 | COMPUTER INFRASTRUCTURE SECURITY MANAGEMENT - A mapping system is provided that makes use of security data collected from various data sources. Following appropriate pre-processing, the mapping system analyses the security data to provide estimated values for parameters in a security model, the security model in turn being based on one or more mathematical representations. | 11-13-2014 |