Method and system for cyber-security vulnerability detection and compliance measurement (CDCM)

Abstract

Method and System for Cyber-Security Vulnerability Detection and Compliance Measurement (CDCM) provides any entity, organization or individual with access to or possession of sensitive, confidential or secret information, defined as “protected information,” in digital format that is received, processed, stored or distributed by a computer, computer system or digital processing equipment with the capability to detect and respond to cyber security vulnerabilities and to measure compliance with cyber-security requirements as established by the Federal Security Information Management Act (FISMA) for the security of protected information and certain additional related desirable or mandatory cyber-security requirements. In one sample embodiment of the invention, the method utilizes a damage assessment function; a security assessment function; a security plan or planning function; a training management function; a response management function; a cyber-security management function; a scoring measurement function; and a review and analysis function, to establish a quantifiable and definitive numerical measurement of the relative compliance of a specific processing system, at a specific point in time, to a defined and established threshold value of performance, or compliance acceptance, and to provide, assemble and be capable of archiving the supporting parameters, status, states and analysis that is specifically associated with the numerical value which represents the specific processing system's state of compliance at the specified time and to utilize various intermediate values and parameters to manage and enhance the performance of the specific system, thereby improving the system's compliance score and numerical performance measurement value.

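Bibliographic details

  • Publication number: US2005132225A1
  • Patent type:
  • Publication date: 2005-06-16
  • Original format: PDF
  • Applicant/patentee: GLENN GEARHART
  • Application number: US20030737503
  • Inventor: GLENN GEARHART
  • Filing date: 2003-12-16
  • Classification: H04L9/32; H04L9/00; G06F11/30; G06F12/14
  • Country: US
  • Date added to database: 2022-08-21 22:25:08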
