Appeal No. 2004-1911 Application No. 09/558,387 an enterprise and users’ area of expertise to determine deficiencies in information security based on the users’ responses. Representative independent claim 32 is reproduced below: 32. A computer implemented method for assessing information security for a plurality of domains within an enterprise, comprising: (1) Querying an administrator to identify an enterprise type; (2) Querying the administrator to define domains within the enterprise; (3) Querying the administrator to identify users and user areas of expertise; (4) Tailoring user questions according to the enterprise type, the domains within the enterprise, and the user areas of expertise; (5) Querying the administrator regarding roll-up options for generating enterprise-wide reports; (6) interviewing a first user group regarding a first domain of an enterprise; (7) assessing information security for the first domain based upon user responses to step (6); (8) interviewing a second user group regarding a second domain of the enterprise; (9) assessing information security for the second domain based upon user responses to step (8); and (10) assessing information security for the enterprise based on administrator selected options. 2Page: Previous 1 2 3 4 5 6 7 8 NextLast modified: November 3, 2007