Ex Parte Baggett et al - Page 2



         Appeal No. 2004-1911                                                       
         Application No. 09/558,387                                                 
         an enterprise and users’ area of expertise to determine                    
         deficiencies in information security based on the users’                   
         responses.                                                                 
              Representative independent claim 32 is reproduced below:              
              32. A computer implemented method for assessing information           
         security for a plurality of domains within an enterprise,                  
         comprising:                                                                
              (1) Querying an administrator to identify an enterprise               
         type;                                                                      
              (2) Querying the administrator to define domains within the           
         enterprise;                                                                
              (3) Querying the administrator to identify users and user             
         areas of expertise;                                                        
              (4) Tailoring user questions according to the enterprise              
         type, the domains within the enterprise, and the user areas of             
         expertise;                                                                 
              (5) Querying the administrator regarding roll-up options              
         for generating enterprise-wide reports;                                    
              (6) interviewing a first user group regarding a first                 
         domain of an enterprise;                                                   
              (7) assessing information security for the first domain               
         based upon user responses to step (6);                                     
              (8) interviewing a second user group regarding a second               
         domain of the enterprise;                                                  
              (9) assessing information security for the second domain              
         based upon user responses to step (8); and                                 
              (10) assessing information security for the enterprise based          
         on administrator selected options.                                         

                                         2                                          




Page:  Previous  1  2  3  4  5  6  7  8  Next 

Last modified: November 3, 2007