US 11,659,048 B2
Cybersecurity maturity assessment
Edward Douglas Grindstaff, II, Nashville, TN (US); Matthew Stuart Loeb, Barrington, IL (US); Kelly Hood, Columbia, MD (US); Greg Witte, Churchton, MD (US); and Thomas Conkle, Pasadena, MD (US)
Assigned to CMMI Institute, LLC, Pittsburgh, PA (US)
Filed by CMMI Institute, LLC, Pittsburgh, PA (US)
Filed on Aug. 26, 2022, as Appl. No. 17/896,595.
Application 17/896,595 is a continuation of application No. 16/226,117, filed on Dec. 19, 2018, granted, now 11,429,726.
Claims priority of provisional application 62/620,979, filed on Jan. 23, 2018.
Prior Publication US 2022/0414232 A1, Dec. 29, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/57 (2013.01); G06F 9/54 (2006.01); G06F 9/451 (2018.01); H04L 67/30 (2022.01); H04L 67/303 (2022.01); G06F 18/2415 (2023.01)
CPC G06F 21/577 (2013.01) [G06F 9/451 (2018.02); G06F 9/542 (2013.01); G06F 18/2415 (2023.01); H04L 67/30 (2013.01); H04L 67/303 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
 
1. A computer implemented method, comprising:
receiving, via a user interface, a risk profile comprising a likelihood and/or impact for each event of a selected group of events of a plurality of pre-defined potential events related to a plurality of pre-defined potential vulnerabilities of a computer system; and
computing a maturity measurement for the computer system using the risk profile and a database, the database comprising information for a set of practices and relationships between practices of the set of practices and events of the plurality of pre-defined potential events,
wherein computing the maturity measurement for the computer system is based on at least a plurality of predefined maturity levels;
wherein the predefined maturity level for each practice of the set of practices is one of five levels of maturity, the five levels of maturity comprising an initial level of maturity (“performed level”), a repeatable level of maturity (“managed level”), a defined level of maturity (“defined level”), a capable level of maturity (“quantitatively managed level”), and an efficient level of maturity (“optimized level”).