1. Field of Invention
This invention generally relates to processes that enable the reporting, measurement, management, and safeguarding of information technology resources through a knowledge-management system.
2. Prior Art
A plethora of commercial software programs are available to identify security threats, perform risk assessments, determine compliance with policies, and analyze vulnerabilities for individual computers and networks. However, these programs produce a large volume of technical data without the context of the other areas of asset and risk management or any way to gain a holistic perspective on what this data represents. Because of the technical nature of the information solutions have taken a very granular approach to reporting. These basic issues have presented several difficult problems for people managing information technology resources, especially in large enterprises with thousands of computer, printers, networks devices, etc.
One critical issue is the gap of knowledge between technicians and business leaders. Experienced technicians can understand the information at a granular level but have no way to get a holistic view of the information. Business decision makers need a holistic view but have neither the technical experience to understand the granular information from each computer and no way to get an accurate holistic perspective from their technicians. This has produced an information technology environment that is difficult to manage without the availability of empirical holistic data on enterprise information technology resources.
Another important issue is that the nature of data that is summarized by the technicians is anecdotal, unrepeatable, and unreliable. This leads to many faulty decisions about problems, root causes, opportunity, risk and the prioritization of resources.
These limitations have produced a climate where information technology risk management issues are managed by subjective analysis instead of empirical metrics. These disadvantages will become even more pronounced as the amount of risk management increases as information technology resources such as computer and other devices become more automated, ubiquitous and embedded in operations, business process, and management.