CPC G06F 11/26 (2013.01) [G06F 11/076 (2013.01); G06F 11/079 (2013.01); G06F 11/0709 (2013.01); G06F 11/0793 (2013.01); G06F 11/3006 (2013.01); G06F 11/3409 (2013.01); G06F 11/3476 (2013.01); G06F 11/3495 (2013.01); G06F 11/3668 (2013.01); G06F 16/2379 (2019.01); G06F 21/577 (2013.01); G06Q 10/06393 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1433 (2013.01); H04L 63/20 (2013.01); G06F 2221/034 (2013.01)] | 26 Claims |
1. A method comprises:
determining, by an analysis system that includes one or more computing entities, a system aspect of an enterprise system for system information protection processes and procedures evaluation;
determining, by the analysis system, at least one evaluation perspective for use in performing the system information protection processes and procedures evaluation;
determining, by the analysis system, at least one evaluation viewpoint for use in performing the system information protection processes and procedures evaluation;
obtaining, by the analysis system, system information protection processes and procedures data regarding the system aspect in accordance with the at least one evaluation perspective and the at least one evaluation viewpoint by:
determining data gathering parameters regarding the system aspect in accordance with the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric;
identifying system elements of the system aspect based on the data gathering parameters;
obtaining system information protection processes and procedures information from the system elements in accordance with the data gathering parameters; and
recording the system information protection processes and procedures information from the system elements to produce the system information protection processes and procedures data; and
calculating, by the analysis system, an information protection processes and procedures rating regarding the information protection processes and procedures for the system aspect based on the system information protection processes and procedures data, the at least one evaluation perspective, the at least one evaluation viewpoint, and the at least one evaluation rating metric.
|