公开(公告)号：US06980927B2

公开(公告)日：2005-12-27

申请号：US10304826

申请日：2002-11-27

申请人： Richard P. Tracy ,  Hugh Barrett ,  Gary M. Catlin

发明人： Richard P. Tracy ,  Hugh Barrett ,  Gary M. Catlin

IPC分类号： G06F20060101 ,  G06F1/00 ,  G06F15/00 ,  G06F21/00 ,  G06Q10/10 ,  H04L29/06 ,  G06F17/60

CPC分类号： H04L63/1433 ,  G06F21/577 ,  G06Q10/10 ,  H04L63/0823

摘要： A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes electronically scanning, on a predetermined basis, hardware and/or software characteristics of components within a target system to obtain and store target system configuration information, receiving and storing target system operational environment information, using information collected in the scanning and receiving steps to select one or more security requirements in accordance with the at least one predefined standard, regulation and/or requirement, selecting one or more test procedures used to determine target system compliance with the security requirements, and producing a risk assessment of the target system.

摘要翻译： 一种计算机辅助系统，介质和提供目标系统风险评估的方法。 该方法包括以预定的方式电子扫描目标系统内的组件的硬件和/或软件特性，以使用在扫描和接收步骤中收集的信息来获取和存储目标系统配置信息，接收和存储目标系统操作环境信息 根据至少一个预定义的标准，规定和/或要求来选择一个或多个安全要求，选择一个或多个用于确定目标系统符合安全要求的测试程序，以及产生目标系统的风险评估。

公开(公告)号：US06993448B2

公开(公告)日：2006-01-31

申请号：US09822868

申请日：2001-04-02

申请人： Richard P. Tracy ,  Hugh Barrett ,  Lon J. Berman ,  Gary M. Catlin

发明人： Richard P. Tracy ,  Hugh Barrett ,  Lon J. Berman ,  Gary M. Catlin

IPC分类号： G06F13/00

CPC分类号： H04L63/30 ,  G06F21/577 ,  G06Q10/06 ,  G06Q40/08 ,  H04L63/10

摘要： A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method comprises the steps of: 1) automatically or manually gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.

公开(公告)号：US06901346B2

公开(公告)日：2005-05-31

申请号：US09794386

申请日：2001-02-28

申请人： Richard P. Tracy ,  Peter A. Smith ,  Lon J. Berman ,  Gary M. Catlin ,  David J. Wilson ,  Hugh Barrett ,  Larry L. Hall, Jr.

发明人： Richard P. Tracy ,  Peter A. Smith ,  Lon J. Berman ,  Gary M. Catlin ,  David J. Wilson ,  Hugh Barrett ,  Larry L. Hall, Jr.

IPC分类号： G06Q40/00 ,  G06F17/60

CPC分类号： G06Q40/08 ,  G06Q30/018

摘要： A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method can utilize the steps of: 1) gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.

摘要翻译： 一种计算机实现的系统，方法和介质，用于评估系统遵守至少一个预定义的标准，规定和/或要求的适用性的风险和/或确定。 在本发明的至少一些实施例中，该方法可以利用以下步骤：1）收集关于该系统的信息，2）选择该系统要符合的一个或多个要求; 3）根据要求测试系统; 4）对失败的测试程序进行风险评估，5）根据前四个要素的评估生成认证文件。

公开(公告)号：US07380270B2

公开(公告)日：2008-05-27

申请号：US09946164

申请日：2001-09-05

申请人： Richard P. Tracy ,  Hugh Barrett ,  Lon J. Berman ,  Gary M. Catlin ,  Thomas G. Dimtsios

发明人： Richard P. Tracy ,  Hugh Barrett ,  Lon J. Berman ,  Gary M. Catlin ,  Thomas G. Dimtsios

IPC分类号： G06F17/30

CPC分类号： G06Q10/10 ,  G06Q10/06 ,  G06Q40/08

摘要： A computer-assisted system, method and medium for enabling a user to select at least one of a plurality of predefined process steps to create a tailored sequence of process steps that can be used to assess the risk of and/or determine the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement.

摘要翻译： 一种用于使用户能够选择多个预定义的过程步骤中的至少一个的计算机辅助系统，方法和介质，以创建可用于评估风险和/或确定适合性的风险的确定的过程步骤序列 目标系统符合至少一个预定义的标准，规定和/或要求。

公开(公告)号：US06983221B2

公开(公告)日：2006-01-03

申请号：US10304825

申请日：2002-11-27

申请人： Richard P. Tracy ,  Hugh Barrett ,  Gary M. Catlin

发明人： Richard P. Tracy ,  Hugh Barrett ,  Gary M. Catlin

IPC分类号： G06F17/18 ,  G06F11/00

CPC分类号： G06Q40/08 ,  G06F21/577 ,  G06F2221/034

摘要： A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes providing one or more test requirements categories, associating one or more first data elements with each requirements category, associating one or more second data elements with a degree of exposure of the target system to the one or more threats, comparing the first data elements to the second data elements to determine, based on predetermined rules, composite data elements for each requirements category; and selecting, based upon predetermined rules, a level of risk of the composite data elements as a baseline risk level for each requirements category.

摘要翻译： 一种计算机辅助系统，介质和提供目标系统风险评估的方法。 该方法包括提供一个或多个测试需求类别，将一个或多个第一数据元素与每个需求类别相关联，将一个或多个第二数据元素与目标系统的暴露程度与一个或多个威胁相关联，将第一数据 元素到第二数据元素，以基于预定规则确定每个需求类别的复合数据元素; 以及基于预定规则，将所述复合数据元素的风险水平作为每个需求类别的基准风险水平进行选择。