Appeal No. 2004-1911
Application No. 09/558,387
an enterprise and users’ area of expertise to determine
deficiencies in information security based on the users’
responses.
Representative independent claim 32 is reproduced below:
32. A computer implemented method for assessing information
security for a plurality of domains within an enterprise,
comprising:
(1) Querying an administrator to identify an enterprise
type;
(2) Querying the administrator to define domains within the
enterprise;
(3) Querying the administrator to identify users and user
areas of expertise;
(4) Tailoring user questions according to the enterprise
type, the domains within the enterprise, and the user areas of
expertise;
(5) Querying the administrator regarding roll-up options
for generating enterprise-wide reports;
(6) interviewing a first user group regarding a first
domain of an enterprise;
(7) assessing information security for the first domain
based upon user responses to step (6);
(8) interviewing a second user group regarding a second
domain of the enterprise;
(9) assessing information security for the second domain
based upon user responses to step (8); and
(10) assessing information security for the enterprise based
on administrator selected options.
2
Page: Previous 1 2 3 4 5 6 7 8 Next
Last modified: November 3, 2007