US 6,983,221 B2
Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing robust risk assessment model
Richard P. Tracy, Ashburn, Va. (US); Hugh Barrett, Centreville, Va. (US); and Gary M. Catlin, Brick, N.J. (US)
Assigned to Telos Corporation, Ashburn, Va. (US)
Filed on Nov. 27, 2002, as Appl. No. 10/304,825.
Prior Publication US 2004/0102922 A1, May 27, 2004
Int. Cl. G06F 17/18 (2006.01); G06F 11/00 (2006.01)
U.S. Cl. 702—181
71 Claims
1. A method, comprising:
associating at least one first data element uniquely with at least one requirement category, each first data element from the at least one first data element representing a potential of a vulnerability that could be used to exploit a target system;
associating at least one second data element uniquely with a degree of exposure of the target system to a threat associated with the vulnerability of the target system;
comparing the at least one first data element to the at least one second data element;
determining, based on predetermined rules, at least one composite data element for each requirement category from the at least one requirement category; and
determining a baseline risk level for each requirement category from the at least one requirement category, the baseline risk level for each requirement category being based on a level of risk of the composite data element associated with that requirement category.