DE69905726T2 - Anpassungsfaehige anordnung und anpassungsfaehiges verfahren zur auswahl von gegenmassnahmen - Google Patents

Anpassungsfaehige anordnung und anpassungsfaehiges verfahren zur auswahl von gegenmassnahmen

Info

Publication number
DE69905726T2
DE69905726T2 DE69905726T DE69905726T DE69905726T2 DE 69905726 T2 DE69905726 T2 DE 69905726T2 DE 69905726 T DE69905726 T DE 69905726T DE 69905726 T DE69905726 T DE 69905726T DE 69905726 T2 DE69905726 T2 DE 69905726T2
Authority
DE
Germany
Prior art keywords
adaptable
strength level
application
organization
arrangement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
DE69905726T
Other languages
English (en)
Other versions
DE69905726D1 (de
Inventor
J Townsend
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sun Microsystems Inc
Original Assignee
Sun Microsystems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems Inc filed Critical Sun Microsystems Inc
Publication of DE69905726D1 publication Critical patent/DE69905726D1/de
Application granted granted Critical
Publication of DE69905726T2 publication Critical patent/DE69905726T2/de
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Keying Circuit Devices (AREA)
  • Input Circuits Of Receivers And Coupling Of Receivers And Audio Equipment (AREA)
  • Channel Selection Circuits, Automatic Tuning Circuits (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Radio Transmission System (AREA)
  • Selective Calling Equipment (AREA)
  • Mobile Radio Communication Systems (AREA)
DE69905726T 1998-08-05 1999-08-04 Anpassungsfaehige anordnung und anpassungsfaehiges verfahren zur auswahl von gegenmassnahmen Expired - Fee Related DE69905726T2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/129,626 US6374358B1 (en) 1998-08-05 1998-08-05 Adaptive countermeasure selection method and apparatus
PCT/US1999/017575 WO2000008543A1 (en) 1998-08-05 1999-08-04 Adaptive countermeasure selection method and apparatus

Publications (2)

Publication Number Publication Date
DE69905726D1 DE69905726D1 (de) 2003-04-10
DE69905726T2 true DE69905726T2 (de) 2003-12-18

Family

ID=22440855

Family Applications (1)

Application Number Title Priority Date Filing Date
DE69905726T Expired - Fee Related DE69905726T2 (de) 1998-08-05 1999-08-04 Anpassungsfaehige anordnung und anpassungsfaehiges verfahren zur auswahl von gegenmassnahmen

Country Status (6)

Country Link
US (2) US6374358B1 (de)
EP (1) EP1101159B1 (de)
AT (1) ATE233918T1 (de)
AU (1) AU5896999A (de)
DE (1) DE69905726T2 (de)
WO (1) WO2000008543A1 (de)

Families Citing this family (101)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6374358B1 (en) * 1998-08-05 2002-04-16 Sun Microsystems, Inc. Adaptive countermeasure selection method and apparatus
US7140039B1 (en) 1999-06-08 2006-11-21 The Trustees Of Columbia University In The City Of New York Identification of an attacker in an electronic system
US7272855B1 (en) 1999-06-08 2007-09-18 The Trustees Of Columbia University In The City Of New York Unified monitoring and detection of intrusion attacks in an electronic system
US7013296B1 (en) 1999-06-08 2006-03-14 The Trustees Of Columbia University In The City Of New York Using electronic security value units to control access to a resource
JP4084914B2 (ja) * 1999-09-29 2008-04-30 株式会社日立製作所 セキュリティ評価方法および装置、セキュリティ施策の作成支援方法および装置
JP2001273388A (ja) * 2000-01-20 2001-10-05 Hitachi Ltd セキュリティ管理システムおよび方法
US6484173B1 (en) * 2000-02-07 2002-11-19 Emc Corporation Controlling access to a storage device
US6925443B1 (en) * 2000-04-26 2005-08-02 Safeoperations, Inc. Method, system and computer program product for assessing information security
US20040034794A1 (en) * 2000-05-28 2004-02-19 Yaron Mayer System and method for comprehensive general generic protection for computers against malicious programs that may steal information and/or cause damages
JP2002056176A (ja) 2000-06-01 2002-02-20 Asgent Inc セキュリティポリシー構築方法及び装置並びにセキュリティポリシー構築を支援する方法及び装置
AU2001288757A1 (en) * 2000-09-01 2002-03-13 Op40, Inc. System, method, uses, products, program products, and business methods for distributed internet and distributed network services
US8515783B1 (en) * 2000-11-06 2013-08-20 Swiss Reinsurance Company Ltd. Risk assessment method
US7340776B2 (en) * 2001-01-31 2008-03-04 International Business Machines Corporation Method and system for configuring and scheduling security audits of a computer network
US7899722B1 (en) 2001-03-20 2011-03-01 Goldman Sachs & Co. Correspondent bank registry
US7287280B2 (en) * 2002-02-12 2007-10-23 Goldman Sachs & Co. Automated security management
US8069105B2 (en) 2001-03-20 2011-11-29 Goldman Sachs & Co. Hedge fund risk management
US8121937B2 (en) 2001-03-20 2012-02-21 Goldman Sachs & Co. Gaming industry risk management clearinghouse
US8209246B2 (en) 2001-03-20 2012-06-26 Goldman, Sachs & Co. Proprietary risk management clearinghouse
US7958027B2 (en) 2001-03-20 2011-06-07 Goldman, Sachs & Co. Systems and methods for managing risk associated with a geo-political area
US8140415B2 (en) * 2001-03-20 2012-03-20 Goldman Sachs & Co. Automated global risk management
US8234156B2 (en) * 2001-06-28 2012-07-31 Jpmorgan Chase Bank, N.A. System and method for characterizing and selecting technology transition options
US20030084349A1 (en) * 2001-10-12 2003-05-01 Oliver Friedrichs Early warning system for network attacks
US7836503B2 (en) * 2001-10-31 2010-11-16 Hewlett-Packard Development Company, L.P. Node, method and computer readable medium for optimizing performance of signature rule matching in a network
US7281020B2 (en) * 2001-12-12 2007-10-09 Naomi Fine Proprietary information identification, management and protection
WO2003058408A2 (en) * 2002-01-10 2003-07-17 Neupart Aps Information security awareness system
US8256002B2 (en) * 2002-01-18 2012-08-28 Alcatel Lucent Tool, method and apparatus for assessing network security
US7937326B1 (en) * 2002-02-20 2011-05-03 The Standard Register Company Document security protection analysis assistant
US8561167B2 (en) 2002-03-08 2013-10-15 Mcafee, Inc. Web reputation scoring
US20060015942A1 (en) 2002-03-08 2006-01-19 Ciphertrust, Inc. Systems and methods for classification of messaging entities
US20030233575A1 (en) * 2002-06-12 2003-12-18 Kimmo Syrjanen Method of analysing level of information security in an organization
US7930753B2 (en) * 2002-07-01 2011-04-19 First Data Corporation Methods and systems for performing security risk assessments of internet merchant entities
US20040117283A1 (en) * 2002-07-17 2004-06-17 Germack Victor F.. Methods and systems for rating financial reporting of public companies and rating the performance of accounting firms
US20040133439A1 (en) * 2002-08-21 2004-07-08 Dirk Noetzold Method and system for valuation of complex systems, in particular for corporate rating and valuation
US7848941B2 (en) * 2002-10-08 2010-12-07 Encompass Knowledge Systems, Inc. Business analysis and management systems utilizing enterprise metrics
US20050177415A1 (en) * 2002-10-08 2005-08-11 Mann Michael M. Business analysis and management systems utilizing emergent structures
US20040153171A1 (en) * 2002-10-21 2004-08-05 Brandt David D. System and methodology providing automation security architecture in an industrial controller environment
US20040107345A1 (en) * 2002-10-21 2004-06-03 Brandt David D. System and methodology providing automation security protocols and intrusion detection in an industrial controller environment
US8909926B2 (en) * 2002-10-21 2014-12-09 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis, validation, and learning in an industrial controller environment
US9009084B2 (en) 2002-10-21 2015-04-14 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis and network intrusion protection in an industrial environment
US20040103317A1 (en) * 2002-11-22 2004-05-27 Burns William D. Method and apparatus for protecting secure credentials on an untrusted computer platform
US7051322B2 (en) 2002-12-06 2006-05-23 @Stake, Inc. Software analysis framework
US7281270B2 (en) * 2003-04-01 2007-10-09 Lockheed Martin Corporation Attack impact prediction system
US20040250121A1 (en) * 2003-05-06 2004-12-09 Keith Millar Assessing security of information technology
US20050050346A1 (en) * 2003-08-28 2005-03-03 Felactu Odessa John Dynamic comprehensive global enterprise defensive security system
US8214906B2 (en) * 2003-10-21 2012-07-03 International Business Machines Corporation System, method and program product to determine security risk of an application
US20060282494A1 (en) * 2004-02-11 2006-12-14 Caleb Sima Interactive web crawling
US7765597B2 (en) * 2004-02-11 2010-07-27 Hewlett-Packard Development Company, L.P. Integrated crawling and auditing of web applications and web content
WO2005077118A2 (en) * 2004-02-11 2005-08-25 Spi Dynamics, Inc. System and method for testing web applications with recursive discovery and analysis
US7974894B2 (en) * 2004-03-05 2011-07-05 Institutional Shareholder Services Inc. Methods and systems for classifying entities according to metrics of earnings quality
US8442953B2 (en) 2004-07-02 2013-05-14 Goldman, Sachs & Co. Method, system, apparatus, program code and means for determining a redundancy of information
US8510300B2 (en) 2004-07-02 2013-08-13 Goldman, Sachs & Co. Systems and methods for managing information associated with legal, compliance and regulatory risk
US8762191B2 (en) 2004-07-02 2014-06-24 Goldman, Sachs & Co. Systems, methods, apparatus, and schema for storing, managing and retrieving information
US8996481B2 (en) 2004-07-02 2015-03-31 Goldman, Sach & Co. Method, system, apparatus, program code and means for identifying and extracting information
US7774848B2 (en) 2004-07-23 2010-08-10 Fortinet, Inc. Mapping remediation to plurality of vulnerabilities
US7665119B2 (en) 2004-09-03 2010-02-16 Secure Elements, Inc. Policy-based selection of remediation
US20060018478A1 (en) * 2004-07-23 2006-01-26 Diefenderfer Kristopher G Secure communication protocol
US8171555B2 (en) * 2004-07-23 2012-05-01 Fortinet, Inc. Determining technology-appropriate remediation for vulnerability
US7761920B2 (en) * 2004-09-03 2010-07-20 Fortinet, Inc. Data structure for policy-based remediation selection
US7672948B2 (en) * 2004-09-03 2010-03-02 Fortinet, Inc. Centralized data transformation
US7703137B2 (en) * 2004-09-03 2010-04-20 Fortinet, Inc. Centralized data transformation
US7657942B2 (en) * 2005-01-11 2010-02-02 International Business Machines Corporation Method of assuring enterprise security standards compliance
US8460079B2 (en) * 2005-02-25 2013-06-11 Ernie Smith Pari-mutuel wagering apparatus and method
US8137175B2 (en) * 2005-02-25 2012-03-20 Ernie Smith Pari-mutuel wagering system
US20070157311A1 (en) * 2005-12-29 2007-07-05 Microsoft Corporation Security modeling and the application life cycle
US7890315B2 (en) * 2005-12-29 2011-02-15 Microsoft Corporation Performance engineering and the application life cycle
US20070192344A1 (en) * 2005-12-29 2007-08-16 Microsoft Corporation Threats and countermeasures schema
US7818788B2 (en) * 2006-02-14 2010-10-19 Microsoft Corporation Web application security frame
US7712137B2 (en) * 2006-02-27 2010-05-04 Microsoft Corporation Configuring and organizing server security information
US7891003B2 (en) * 2006-06-14 2011-02-15 Microsoft Corporation Enterprise threat modeling
US20080077976A1 (en) * 2006-09-27 2008-03-27 Rockwell Automation Technologies, Inc. Cryptographic authentication protocol
US8763114B2 (en) 2007-01-24 2014-06-24 Mcafee, Inc. Detecting image spam
US8214497B2 (en) 2007-01-24 2012-07-03 Mcafee, Inc. Multi-dimensional reputation scoring
GB2459629A (en) * 2007-02-16 2009-11-04 Veracode Inc Assessment and analysis of software security flaws
US20100281248A1 (en) * 2007-02-16 2010-11-04 Lockhart Malcolm W Assessment and analysis of software security flaws
US8613080B2 (en) 2007-02-16 2013-12-17 Veracode, Inc. Assessment and analysis of software security flaws in virtual machines
US9069967B2 (en) * 2007-02-16 2015-06-30 Veracode, Inc. Assessment and analysis of software security flaws
US7770203B2 (en) * 2007-04-17 2010-08-03 International Business Machines Corporation Method of integrating a security operations policy into a threat management vector
US8166551B2 (en) * 2007-07-17 2012-04-24 Oracle International Corporation Automated security manager
US8185930B2 (en) * 2007-11-06 2012-05-22 Mcafee, Inc. Adjusting filter or classification control settings
WO2009116173A1 (ja) * 2008-03-21 2009-09-24 富士通株式会社 対策選択プログラム、対策選択装置および対策選択方法
US20110093955A1 (en) * 2009-10-19 2011-04-21 Bank Of America Corporation Designing security into software during the development lifecycle
US8495745B1 (en) 2009-11-30 2013-07-23 Mcafee, Inc. Asset risk analysis
US8495747B1 (en) 2010-03-31 2013-07-23 Mcafee, Inc. Prioritizing asset remediations
US20120159624A1 (en) * 2010-12-21 2012-06-21 Fujitsu Technology Solutions Intellectual Property Gmbh Computer security method, system and model
US8800045B2 (en) * 2011-02-11 2014-08-05 Achilles Guard, Inc. Security countermeasure management platform
US9727733B2 (en) 2011-08-24 2017-08-08 International Business Machines Corporation Risk-based model for security policy management
US9286063B2 (en) * 2012-02-22 2016-03-15 Veracode, Inc. Methods and systems for providing feedback and suggested programming methods
US8726393B2 (en) * 2012-04-23 2014-05-13 Abb Technology Ag Cyber security analyzer
US9537881B2 (en) * 2013-12-18 2017-01-03 Cytegic Ltd. Security risk mapping of potential targets
US10341376B2 (en) * 2014-12-29 2019-07-02 Guidewire Software, Inc. Diversity analysis with actionable feedback methodologies
US9699209B2 (en) 2014-12-29 2017-07-04 Cyence Inc. Cyber vulnerability scan analyses with actionable feedback
WO2017078986A1 (en) 2014-12-29 2017-05-11 Cyence Inc. Diversity analysis with actionable feedback methodologies
US11855768B2 (en) 2014-12-29 2023-12-26 Guidewire Software, Inc. Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information
US10050989B2 (en) 2014-12-29 2018-08-14 Guidewire Software, Inc. Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses
US11863590B2 (en) 2014-12-29 2024-01-02 Guidewire Software, Inc. Inferential analysis using feedback for extracting and combining cyber risk information
US10050990B2 (en) 2014-12-29 2018-08-14 Guidewire Software, Inc. Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information
US10404748B2 (en) 2015-03-31 2019-09-03 Guidewire Software, Inc. Cyber risk analysis and remediation using network monitored sensors and methods of use
US11010717B2 (en) * 2016-06-21 2021-05-18 The Prudential Insurance Company Of America Tool for improving network security
US9930062B1 (en) 2017-06-26 2018-03-27 Factory Mutual Insurance Company Systems and methods for cyber security risk assessment
US11146583B2 (en) 2019-05-01 2021-10-12 Qatar Foundation For Education, Science And Community Development Threat-specific security risk evaluation for networked systems
US11861412B2 (en) * 2020-12-09 2024-01-02 EMC IP Holding Company LLC Method for consolidating infrastructure deployment including networking, out-of-band management, and in-band management through a web graphical user interface

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5533123A (en) * 1994-06-28 1996-07-02 National Semiconductor Corporation Programmable distributed personal security
US5850516A (en) * 1996-12-23 1998-12-15 Schneier; Bruce Method and apparatus for analyzing information systems using stored tree database structures
US6374358B1 (en) * 1998-08-05 2002-04-16 Sun Microsystems, Inc. Adaptive countermeasure selection method and apparatus
US6542993B1 (en) * 1999-03-12 2003-04-01 Lucent Technologies Inc. Security management system and method

Also Published As

Publication number Publication date
WO2000008543A1 (en) 2000-02-17
US6374358B1 (en) 2002-04-16
US20020188861A1 (en) 2002-12-12
AU5896999A (en) 2000-02-28
US6631473B2 (en) 2003-10-07
EP1101159A1 (de) 2001-05-23
EP1101159B1 (de) 2003-03-05
DE69905726D1 (de) 2003-04-10
ATE233918T1 (de) 2003-03-15
WO2000008543A9 (en) 2000-08-03

Similar Documents

Publication Publication Date Title
DE69905726T2 (de) Anpassungsfaehige anordnung und anpassungsfaehiges verfahren zur auswahl von gegenmassnahmen
DE69637799D1 (de) Systeme und Verfahren zur gesicherten Transaktionsverwaltung und elektronischem Rechtsschutz
DE60221149D1 (de) System und verfahren zur identifikation des vorhandenseins von defekten in einer vibrierenden maschine
ATE313183T1 (de) System und verfahren zur beurteilung der verletzlichkeit der netzsicherheit mit fuzzy logik regeln
DE60207812D1 (de) Verfahren und vorrichtung zum dynamischen zuweisen von benutzungsrechten zu digitalen werken
HK1051729A1 (en) Method and processor for branch instruction
DE69624757D1 (de) Vorrichtung zur Koordinatenermittlung, Verfahren hierzu und Steuervorrichtung für den Rechner
WO2004027544A3 (en) Methods and apparatus for evaluating a credit application
NO955088L (no) Framgangsmåte for gjenkjennelse av håndskrevne data
ATE198114T1 (de) Verfahren zur aushandlung einer sicherheitspolitik zwischen einer ersten computereinheit und einer zweiten computereinheit
ATE225536T1 (de) Verfahren zur prüfung von java-bytecode- programmen auf sicherheitseigenschaften
ATE204995T1 (de) Verfahren zur verifizierung der identität eines benutzers einer mit einer tastatur zur erzeugung alphanumerischer zeichen zu bedienenden datenverarbeitungsanlage
DE59902963D1 (de) Vorrichtung zum liefern von ausgangsdaten als reaktion auf eingangsdaten und verfahren zum überprüfen der authentizität und verfahren zum verschlüsselten übertragen von informationen
DE60203525D1 (de) Vorrichtung und verfahren in einer büroapplikation zur bereitstellung von inhaltsabhängiger hilfeinformation
DE59912605D1 (de) Verfahren zur sicheren verteilung von software
ATE332527T1 (de) Verfahren und vorrichtung zum verfolgen des status eines betriebsmittels in einem system zur verwaltung der benutzung der betriebsmittel
DE59402167D1 (de) Anordnung zur modellierung eines nichtlinearen prozesses
CA2050888A1 (en) Method of and apparatus for evaluating membership functions or rules in fuzzy reasoning system
TW200506634A (en) Physical presence determination in a trusted platform
ATE273507T1 (de) Verfahren und vorrichtung zur verringerung der schwingungen eines rotors
ATE450003T1 (de) Komputergesteuerte verfahren und system zum implementieren von verteilten anwendungen
DE69706713D1 (de) Anordnung und verfahren zur behandlung von bustaktgeschwindigheitsänderungen
DE69914884D1 (de) System und verfahren zum führen eines benutzers auf eine information-site
SE9801964D0 (sv) Simulation system
Hashemi-Nassab et al. Inductive learning from examples: a rough sets approach

Legal Events

Date Code Title Description
8339 Ceased/non-payment of the annual fee