Abstract: A computer-assisted system, method and medium for enabling a user to select at least one of a plurality of predefined process steps to create a tailored sequence of process steps that can be used to assess the risk of and/or determine the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement.

Abstract: A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method comprises the steps of: 1) automatically or manually gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.

Abstract: A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes providing one or more test requirements categories, associating one or more first data elements with each requirements category, associating one or more second data elements with a degree of exposure of the target system to the one or more threats, comparing the first data elements to the second data elements to determine, based on predetermined rules, composite data elements for each requirements category; and selecting, based upon predetermined rules, a level of risk of the composite data elements as a baseline risk level for each requirements category.

Abstract: A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes electronically scanning, on a predetermined basis, hardware and/or software characteristics of components within a target system to obtain and store target system configuration information, receiving and storing target system operational environment information, using information collected in the scanning and receiving steps to select one or more security requirements in accordance with the at least one predefined standard, regulation and/or requirement, selecting one or more test procedures used to determine target system compliance with the security requirements, and producing a risk assessment of the target system.

Abstract: A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method can utilize the steps of: 1) gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.

Abstract: A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes receiving at the computer at least one of a newly encountered hardware, software and/or operating system threat, updating a requirements repository to account for the threat, updating one or more target system test procedures to account for the threat, and conducting a risk assessment of the target system.

Abstract: A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes electronically scanning, on a predetermined basis, hardware and/or software characteristics of components within a target system to obtain and store target system configuration information, receiving and storing target system operational environment information, using information collected in the scanning and receiving steps to select one or more security requirements in accordance with the at least one predefined standard, regulation and/or requirement, selecting one or more test procedures used to determine target system compliance with the security requirements, and producing a risk assessment of the target system.

Abstract: A computer-assisted system, medium and method of providing a risk assessment of a target system. The method includes providing one or more test requirements categories, associating one or more first data elements with each requirements category, associating one or more second data elements with a degree of exposure of the target system to the one or more threats, comparing the first data elements to the second data elements to determine, based on predetermined rules, composite data elements for each requirements category; and selecting, based upon predetermined rules, a level of risk of the composite data elements as a baseline risk level for each requirements category.

Abstract: A computer-assisted system, method and medium for enabling a user to select at least one of a plurality of predefined process steps to create a tailored sequence of process steps that can be used to assess the risk of and/or determine the suitability of a target system to comply with at least one predefined standard, regulation and/or requirement.

Abstract: A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method comprises the steps of: 1) gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.

Abstract: A computer-implemented system, method and medium for assessing the risk of and/or determining the suitability of a system to comply with at least one predefined standard, regulation and/or requirement. In at least some embodiments of the present invention, the method comprises the steps of: 1) automatically or manually gathering information pertaining to the system, 2) selecting one or more requirements with which the system is to comply; 3) testing the system against the requirements; 4) performing risk assessment of the failed test procedures, and 5) generating certification documentation based on an assessment of the first four elements.