Abstract: A system and method for managing implementation of policies in an information technologies system receives at least one policy function, at least one refinement template and at least one available policy function from the at least one memory, receives a policy input indicating a high-level policy for the IT system where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system, based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and being compliant with the received policy input, and distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: A system and method for managing implementation of policies in an information technologies system receives at least one policy function, at least one refinement template and at least one available policy function from the at least one memory, receives a policy input indicating a high-level policy for the IT system where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system, based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and being compliant with the received policy input, and distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: A method of managing supply chain risks having a supply chain risk analysis implementation, includes loading from a data storage or a memory, supply chain data for a supply chain which indicates information about the supply chain; mapping the supply chain data to a consistent input model; automatically analyzing, by an analytics module implemented on a processor, the input model to detect supply chain anomalies indicating the supply chain risks; producing an analysis results output of the analyzed input model; and outputting the analysis results output of the detected supply chain anomalies to the memory, the data storage, a display, or a message. A supply chain risk analysis system includes the processor, the data storage or the memory that stores the supply chain data for the supply chain which indicates information about the supply chain. The processor is configured to perform the processes.

Abstract: A method of managing supply chain risks having a supply chain risk analysis implementation, includes loading from a data storage or a memory, supply chain data for a supply chain which indicates information about the supply chain; mapping the supply chain data to a consistent input model; automatically analyzing, by an analytics module implemented on a processor, the input model to detect supply chain anomalies indicating the supply chain risks; producing an analysis results output of the analyzed input model; and outputting the analysis results output of the detected supply chain anomalies to the memory, the data storage, a display, or a message. A supply chain risk analysis system includes the processor, the data storage or the memory that stores the supply chain data for the supply chain which indicates information about the supply chain. The processor is configured to perform the processes.

Abstract: Method and system for automating analyzing anomalies of an item for which no golden reference item is available, by using reference information, wherein the golden reference item is a known non-abnormal instance of an analyzed assembly, includes loading from a data storage, a memory, or via a communication, or user entry, item information of an analyzed item to be analyzed to be either expected or abnormal; loading reference information about the analyzed item; preprocessing both of the item information and the reference information to facilitate analysis; analyzing the item information and the reference information to determine a result that indicates whether elements of the item are confirmed by the reference information to be expected or abnormal; generating an output data with the result; and storing the output data pertaining to the result in a memory.

Abstract: A method of automatically configuring an action determination model includes determining an environment model, determining an action determination model that indicates an action option, determining whether the action determination model indicates a next action option, and if so, determining an action based on the action determination model, simulating execution of the action across the environment model, obtaining a simulated result, adjusting the action determination model. Then, until environment or an agent reach an end state, the following are repeated: determining whether the action determination model indicates the next action option, and if so, determining the action based on the action determination model, simulating the execution of the action across the environment model, obtaining the simulated result, and adjusting the action determination model.

Abstract: A method of managing supply chain risks having a supply chain risk analysis implementation, includes loading from a data storage or a memory, supply chain data for a supply chain which indicates information about the supply chain; mapping the supply chain data to a consistent input model; automatically analyzing, by an analytics module implemented on a processor, the input model to detect supply chain anomalies indicating the supply chain risks; producing an analysis results output of the analyzed input model; and outputting the analysis results output of the detected supply chain anomalies to the memory, the data storage, a display, or a message. A supply chain risk analysis system includes the processor, the data storage or the memory that stores the supply chain data for the supply chain which indicates information about the supply chain. The processor is configured to perform the processes.

Abstract: A policy management method and system, which determines at least one functional model for the IT system; loads at least one pre-configured policy selection template that indicates at least one policy aspect applicable to the at least one IT system; generates at least one policy user interface that gathers a policy input; receives a policy input loaded from a data storage or a memory or entered by a user via a user interface; loads at least one pre-configured policy generation template that indicates at least one technical rule or configuration aspect of the policy that the policy template pertains to; generates at least one machine-enforceable rule/configuration compliant with the received input policy; transmits the at least one machine-enforceable rule and/or configuration to at least one policy implementation entity; and executes the transmitted at least one machine-enforceable rule/configuration.

Abstract: A system and method for managing and analyzing security requirements in reusable models. At least one functional model, at least one security implementation model, at least one requirement model, and meta models of the models are read by a reader. A correspondence between the functional model, security implementation model, and the requirements model is analyzed, whereby the correspondence indicates that compliance/security/accreditation requirements defined in the requirement model match with security objectives implemented by controls defined by the security implementation model. Next, it is determined whether correspondence is or is not given based on the analysis of the correspondence and then evidence is generated based on the analysis of the correspondence and the determination and the impact of changes is analyzed.

Abstract: A method of automating an agent for environment includes loading an action determination model that indicates an action option, determining whether the action determination model indicates a next action option, and if so, determining an action based on the action determination model, determining whether an execution data model has been stored, and if so, obtaining data pertaining to the determined action, executing the action, determining a result of the action, storing the data pertaining to the result in an execution data model. Then, until the environment or agent reach an end state, the following are repeated: determining whether the action determination model indicates the next action option, and if so, determining the action based on the action determination model, and determining whether the execution data model has been stored, and if so, obtaining the data pertaining to the determined action.

Abstract: A policy management system includes a policy management device that is configured to manage a policy input and/or a template and/or a functional model, a policy enforced device that is directly or indirectly connected to the policy management device via a network and that is configured such that at least a part of the functional model managed by the policy management device reflects the functional features/behaviors of the policy enforced device, a policy enforcement device that is configured to execute policy enforcement on the policy enforced device, and a policy decision device that is configured to receive machine-enforceable rule and/or configuration from the policy management device.

Abstract: A system and method for managing and analyzing security requirements in reusable models. At least one functional model, at least one security implementation model, at least one requirement model, and meta models of the models are read by a reader. A correspondence between the functional model, security implementation model, and the requirements model is analyzed, whereby the correspondence indicates that compliance/security/accreditation requirements defined in the requirement model match with security objectives implemented by controls defined by the security implementation model. Next, it is determined whether correspondence is or is not given based on the analysis of the correspondence and then evidence is generated based on the analysis of the correspondence and the determination and the impact of changes is analyzed.

Abstract: A system and method for managing implementation of policies in an information technologies system receives at least one policy function, at least one refinement template and at least one available policy function from the at least one memory, receives a policy input indicating a high-level policy for the IT system where the policy input is compliant with the at least one policy function and is received in a format that is not machine-enforceable at an enforcement entity of the IT system, based on the received policy input, automatically or semi-automatically generates a machine-enforceable rule and/or configuration by filling the at least one refinement template, where the machine-enforceable rule and/or configuration includes the at least one available policy function and being compliant with the received policy input, and distributes the machine-enforceable rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: A system and method for managing and analyzing security requirements in reusable models. At least one functional model, at least one security implementation model, at least one requirement model, and meta models of the models are read by a reader. A correspondence between the functional model, security implementation model, and the requirements model is analyzed, whereby the correspondence indicates that compliance/security/accreditation requirements defined in the requirement model match with security objectives implemented by controls defined by the security implementation model. Next, it is determined whether correspondence is or is not given based on the analysis of the correspondence and then evidence is generated based on the analysis of the correspondence and the determination and the impact of changes is analyzed.

Abstract: A policy management system includes a policy management device that is configured to manage a policy input and/or a template and/or a functional model, a policy enforced device that is directly or indirectly connected to the policy management device via a network and that is configured such that at least a part of the functional model managed by the policy management device reflects the functional features/behaviors of the policy enforced device, a policy enforcement device that is configured to execute policy enforcement on the policy enforced device, and a policy decision device that is configured to receive machine-enforceable rule and/or configuration from the policy management device.

Abstract: A system and method for managing implementation of policies in an information technologies system receives into a processor at least one policy function stored in at least one memory, receives into the processor a policy input indicating a high-level policy for the IT system, the policy input being compliant with the at least one policy function, based on the received policy input, automatically or semi-automatically generates via the processor a rule and/or configuration by replacing at least one policy function in the policy input with the at received least one policy function, the generated rule and/or configuration being compliant with the received policy input or replacing at least one value or value placeholder in the policy input with a corresponding value, and distributes the rule and/or configuration to the at least one memory of the IT system or another at least one memory to thereby enable implementation of the policies.

Abstract: A policy management system includes a policy management device that is configured to manage a policy input and/or a template and/or a functional model, a policy enforced device that is directly or indirectly connected to the policy management device via a network and that is configured such that at least a part of the functional model managed by the policy management device reflects the functional features/behaviors of the policy enforced device, a policy enforcement device that is configured to execute policy enforcement on the policy enforced device, and a policy decision device that is configured to receive machine-enforceable rule and/or configuration from the policy management device.

Abstract: A policy management method and system, which determines at least one functional model for the IT system; loads at least one pre-configured policy selection template that indicates at least one policy aspect applicable to the at least one IT system; generates at least one policy user interface that gathers a policy input; receives a policy input loaded from a data storage or a memory or entered by a user via a user interface; loads at least one pre-configured policy generation template that indicates at least one technical rule or configuration aspect of the policy that the policy template pertains to; generates at least one machine-enforceable rule/configuration compliant with the received input policy; transmits the at least one machine-enforceable rule and/or configuration to at least one policy implementation entity; and executes the transmitted at least one machine-enforceable rule/configuration.

Abstract: A system and method for managing and analyzing security requirements in reusable models. At least one functional model, at least one security implementation model, at least one requirement model, and meta models of the models are read by a reader. A correspondence between the functional model, security implementation model, and the requirements model is analyzed, whereby the correspondence indicates that compliance/security/accreditation requirements defined in the requirement model match with security objectives implemented by controls defined by the security implementation model. Next, it is determined whether correspondence is or is not given based on the analysis of the correspondence and then evidence is generated based on the analysis of the correspondence and the determination and the impact of changes is analyzed.

Abstract: A policy management system includes a policy management device that is configured to manage a policy input and/or a template and/or a functional model, a policy enforced device that is directly or indirectly connected to the policy management device via a network and that is configured such that at least a part of the functional model managed by the policy management device reflects the functional features/behaviors of the policy enforced device, a policy enforcement device that is configured to execute policy enforcement on the policy enforced device, and a policy decision device that is configured to receive machine-enforceable rule and/or configuration from the policy management device.