公开(公告)号：US20190207981A1

公开(公告)日：2019-07-04

申请号：US16240470

申请日：2019-01-04

申请人： OPAQ Networks, Inc.

发明人： Matthew Stephen Sweeney ,  Casey CORCORAN ,  John CAMP ,  Chris WACKER ,  Brit WANICK ,  Derek Gabbard

IPC分类号： H04L29/06 ,  H04L12/24 ,  H04L12/26

CPC分类号： H04L63/20 ,  G06F21/577 ,  G06F2221/034 ,  G06Q10/0635 ,  H04L41/0686 ,  H04L41/069 ,  H04L41/0816 ,  H04L41/0883 ,  H04L41/142 ,  H04L41/145 ,  H04L43/045 ,  H04L43/06 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441

摘要： Method and system embodiments for assessing control maturity in security operations environments are described. According to some embodiments, the method facilitates a nonintrusive, automated means to configure and detect security controls installed in an Information Technology (IT) environment. The system verifies that these controls function as expected over a specified period of time and then maps each security control to a cell in a matrix of operational functions crossed with asset classes. The system captures metrics for security control activity that are displayed in the matrix to facilitate an assessment of security control architectural maturity. The system automatically generates visual and textual reports that provide recommendations to improve cybersecurity by enhancing existing and adding new controls, specify a suggested timeline for introducing those controls, and document gaps in compliance. The reports include automated remediation recommendations per compliance framework, including the ability to apply custom frameworks.