Abstract: In one aspect, a computerized advanced common controls framework (ACCF) method for all risk domains of cyber security as prescribed in each framework comprising: providing a risk identification, quantification, and mitigation engine delivery platform of an entity; obtaining a set of Control Frameworks (CFs) related to a risk identification, quantification, and mitigation engine delivery of the entity; creating an ACCF from the set of CFs, wherein the ACCF comprises a collection of CFs that when combined enable a commingling of individual controls; and with the risk identification, quantification, and mitigation engine delivery platform of an entity, applying the ACCF to perform an operational and compliance risk reporting.

Abstract: A computerized process useful for automating Risk Identification, Quantification, Benchmarking and Mitigation in an enterprise computer system, includes the step of integrating an enterprise security, privacy and compliance system in an enterprise computer system. The enterprise security, privacy and compliance system monitors a set of risk sources. The method includes the step of implementing an identification and a weighted scoring of a set of risks associated with each risk source. The method includes the step of, with a specified machine learning technique, matching a set of similar risk inputs with an associated weight. The set of similar risk inputs are similar to the risk sources in the RPPBM practice. The method includes the step of monitoring the relevant enterprise systems for changes in risk levels of each risk source. The method includes the step of generating a risk-score number for each risk source. The risk-score number is used to avoid a subjective assessment of the risk source.

Abstract: In one aspect, a hardware risk information system for implementing a local risk information agent system for assessing a risk score from a hardware risk information comprising a local risk information agent that is installed in and running on a hardware system of an enterprise asset, wherein the local risk information agent manages a collection of the hardware risk information used to calculate a risk score of the hardware system of the enterprise asset by tracking a specified set of parameters about the hardware system, wherein the local risk information agent pushes the collection of the hardware risk information to a risk management hardware device, and wherein on a periodic basis, the local risk information agent uses a risk management hardware device to write the collection of the hardware risk information in a secure manner using a cryptographic key; a risk management hardware device comprising a repository for all the risk parameters of the hardware system of the enterprise asset, wherein the risk mana

Abstract: A computerized process useful for automating Risk Identification, Quantification, Benchmarking and Mitigation in an enterprise computer system, includes the step of integrating an enterprise security, privacy and compliance system in an enterprise computer system. The enterprise security, privacy and compliance system monitors a set of risk sources. The method includes the step of implementing an identification and a weighted scoring of a set of risks associated with each risk source. The method includes the step of, with a specified machine learning technique, matching a set of similar risk inputs with an associated weight. The set of similar risk inputs are similar to the risk sources in the RPPBM practice. The method includes the step of monitoring the relevant enterprise systems for changes in risk levels of each risk source. The method includes the step of generating a risk-score number for each risk source. The risk-score number is used to avoid a subjective assessment of the risk source.

Abstract: A hardware risk information system for implementing a local risk information agent system for assessing a risk score from a hardware risk information including a local risk information agent that is installed in and running on a hardware system of an enterprise asset. The local risk information agent manages a collection of the hardware risk information used to calculate a risk score of the hardware system of the enterprise asset by tracking a specified set of parameters about the hardware system. The local risk information agent pushes the collection of the hardware risk information to a risk management hardware device. The risk management hardware device is a repository for all the risk parameters of the hardware system of the enterprise asset. The risk management hardware device generates the risk score for the hardware system using the collection of the hardware risk information.

Abstract: A method for web services policy management is disclosed. In one embodiment, the method includes providing a set of policies in a policy dataset in a web services system. The policy dataset is adapted to be accessed by applications in the web services system. The policies are associated with user-defined classes and user-defined levels. One or more policies in the policy dataset are updated to provide an updated policy dataset. The updated policy dataset is accessed by an immediately subsequent activity of the applications. In another embodiment, a method for web services policy management includes detecting a flag indicative of a change, addition or deletion in one or more policies in a web services system. The policies are in a database that is configurable to associate policies with user-defined classes and user-defined levels. At least the one or more policies is uploaded in run-time for application to subsequent activities within the web services system.

Abstract: An arrangement for the management and integration of web services is disclosed. The arrangement includes a transaction adapter module and a query adapter module. Each of the adapter modules includes one or more adapters. The transaction adapter module receives client requests in a client-specific protocol and translates at least a portion of the requests to a predetermined protocol. The translated portions are communicated to a service broker, which directs the queries to query services through the query adapter module in the predetermined protocol. The query adapter module translates the query from the predetermined protocol to a service-specific protocol. The predetermined protocol allows the adapter modules and the service broker to be decoupled, thus allowing dynamic loading of adapters to the adapter modules.