Patents by Inventor Richard W. Heroux

Richard W. Heroux has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20130311224
    Abstract: A method and system for risk assessment. A question set including one or more questions may be transmitted. Each question may be based on statutory, sectoral or standards requirements relating to how an entity handles information, and each question may be associated with one or more categories. An answer set may be received including one or more selected answers. Each selected answer may correspond to a question in the transmitted question set and each selected answer may be associated with a risk score. The risk score may be related to the statutory, sectoral or standards requirements. An assessment based on the answer set may be generated and transmitted. The assessment may include one or more questions and corresponding answers organized by risk score and category. A request for remediation action may be generated and transmitted when an answer corresponding to a question is associated with a risk score above a threshold risk score.
    Type: Application
    Filed: April 16, 2013
    Publication date: November 21, 2013
    Inventors: Richard W. Heroux, Paul E. Nowling, Warren R. Federgreen, Julie E. Hurley, Linda Grimm, Mark Brady
  • Patent number: 8296244
    Abstract: A method and system for guiding end-users with respect to payment card data security standards. The system uses guidance questions that are worded simply and intelligibly so that end-users, regardless of their technical background or expertise, can understand the underlying issues and provide the proper answer. The guidance questions are generated from the PCI DSS SAQ and related guidance documents, to generate a list of positive, negative or non-applicable SAQ answers at the end of the process. The system generates action items with applicable policy statements for negative answers, if necessary, such that a completed questionnaire can be generated with all positive answers and sent to the authoritative entity. The system also generates vulnerability level reports based on the end-user's answers to assist the end-user and the host in assessing PCI DSS compliance readiness. The host can process the generated information, for example, to do risk analysis or risk management.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: October 23, 2012
    Assignee: CSRSI, Inc.
    Inventor: Richard W. Heroux