US 6,983,221 B2
Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing robust risk assessment model
Richard P. Tracy, Ashburn, Va. (US); Hugh Barrett, Centreville, Va. (US); and Gary M. Catlin, Brick, N.J. (US)
Assigned to Telos Corporation, Ashburn, Va. (US)
Filed on Nov. 27, 2002, as Appl. No. 10/304,825.
Prior Publication US 2004/0102922 A1, May 27, 2004
Int. Cl. G06F 17/18 (2006.01); G06F 11/00 (2006.01)
U.S. Cl. 702—181
71 Claims
 
1. A method, comprising:
associating at least one first data element uniquely with at least one requirement category, each first data element from the at least one first data element representing a potential of a vulnerability that could be used to exploit a target system;
associating at least one second data element uniquely with a degree of exposure of the target system to a threat associated with the vulnerability of the target system;
comparing the at least one first data element to the at least one second data element;
determining, based on predetermined rules, at least one composite data element for each requirement category from the at least one requirement category; and
determining a baseline risk level for each requirement category from the at least one requirement category, the baseline risk level for each requirement category being based on a level of risk of the composite data element associated with that requirement category.