Information security (IS) is becoming increasingly important for many types of organizations. IS involves protecting information, as well as systems storing the information, from unauthorized access, modification, disruption, or deletion. IS breaches can irreparably harm an organization as well as its customers and stakeholders. To avoid breaches, an organization may devote resources to securing its computer network(s) applications and databases, as well as periodically performing IS auditing of itself and any users of its information.
Prior to granting a third party access to information, an organization may perform an IS assessment of the third party's information security procedures. For example, an IS team may be composed of a group of human assessors, where one or more assessors are assigned to review the IS procedures of a particular third party. The assessor may work with the third party to remedy any potential security gaps in IS procedures prior to granting access to the information.
Often, an assessor is working on a predetermined number of assessments at the same time. When a new assessment is received, the assessor with the fewest number of pending assessments is typically assigned the new assessment. The amount of time and effort, however, required to complete an assessment may vary significantly from assessment to assessment.
The disclosure provides, inter alia, an improved manner of assigning assessments to assessors.