公开(公告)号：US20090210267A1

公开(公告)日：2009-08-20

申请号：US12032900

申请日：2008-02-18

Applicant: Bryan David Fish ,  Stephen Matthew Brewer

Inventor： Bryan David Fish ,  Stephen Matthew Brewer

IPC: G06Q99/00

CPC classification number: G06Q10/06 ,  G06Q10/0635

Abstract: A computer system and method is disclosed for automatically and dynamically mapping risk management controls to risk management profiles based upon criteria associated with each control and values associated with each risk management profile. A database is populated with a plurality of risk management controls which may correspond to the commandments of a security requirement. The database is also populated with a plurality of risk management profiles and associated attribute values which represent information technology subjects within an organization. A computer process maps each individual risk management control to the appropriate profiles so that the organization may properly execute the control on the associated subject. Alternatively, a set of risk management profiles may be automatically determined based upon the risk management profiles and a plurality of commandments associated with a security reference.

Abstract translation: 公开了一种计算机系统和方法，用于基于与每个控制相关联的标准和与每个风险管理简档相关联的值自动地和动态地将风险管理控制映射到风险管理简档。 数据库被填充有可以对应于安全要求的诫命的多个风险管理控制。 数据库还填充有多个风险管理简档和表示组织内的信息技术主题的相关属性值。 计算机进程将每个单独的风险管理控制映射到适当的配置文件，使得组织可以适当地执行对相关主题的控制。 或者，可以基于风险管理简档和与安全参考相关联的多个诫命来自动确定一组风险管理简档。