Invention Grant
- Patent Title: Method and tool for information security assessment that integrates enterprise objectives with vulnerabilities
- Application No.: US12493799
- Application Date: 2009-06-29
- Publication No.: US08353045B2
- Publication Date: 2013-01-08
- Inventor: Bugra Karabey, Nazife Baykal
- Applicant: Bugra Karabey, Nazife Baykal
- Agency: Collen IP
- Agent: Donald J. Ranft
- Main IPC: G06F21/00
- IPC: G06F21/00

Abstract:
In one aspect, a method to assess information security vulnerability of an enterprise includes storing enterprise objectives in a computer system, storing enterprise resources determined using a value criterion, a rareness criterion, an inimitability criterion and a non-substitutability criterion in the computer system and storing enterprise information assets in the computer system. The method also includes mapping the enterprise objectives with the enterprise resources and mapping the enterprise information assets with the enterprise resources. The method further includes determining a threat analysis using an attack tree using the enterprise resources and the information assets and determining a risk value using the attack tree.