US 12,462,207 B2
Method of managing information security program maturity
Jorge A. Conde-Berrocal, Jacksonville, FL (US)
Assigned to V3 Cybersecurity, Inc., Jacksonville, FL (US)
Filed by V3 Cybersecurity, Inc., Jacksonville, FL (US)
Filed on Oct. 28, 2022, as Appl. No. 18/050,664.
Application 18/050,664 is a continuation in part of application No. 16/396,954, filed on Apr. 29, 2019, abandoned.
Prior Publication US 2023/0098977 A1, Mar. 30, 2023
Int. Cl. G06Q 10/0635 (2023.01); G06F 21/62 (2013.01)
CPC G06Q 10/0635 (2013.01) [G06F 21/6254 (2013.01)] 17 Claims
OG exemplary drawing
 
1. A computer driven method of managing Information Security Program maturity and risk regarding a cybersecurity data collection and application to calculate cybersecurity standard of care in real-time also known as the legal basis for calculating the threshold for legal negligence in tort law, for an identified practice, the method comprising:
presenting a form aligned with open industry standard frameworks and customized controls based on said open industry standard frameworks;
addressing both technical and administrative controls which apply to a system, inclusive of all devices within the system;
storing a plurality of stakeholder responses in a continuously updated database;
allowing a submission of a plurality of new individual industry controls;
dynamically adjusting a control maturity of client profiles and displaying an aggregated average comparatively to the user in real time for both technical and administrative controls holistically and also independently;
establishing a maturity baseline for a client profile upon receiving an entirety of a data set of inputs, independent of the level of compliance, and for each individual control;
aggregating a maturity score from one, or multiple assessments into a single score which requires the maturity of all controls within a selected framework utilized together to identify and compare the delta between a current maturity score and the collective score of a specified industry to establish the gap, or risk associated with a control, and comparing gaps to one another in totality to rank them based on their adherence with tort law;
consolidating cybersecurity maturity data in a graphical format to establish a legal risk baseline for the user based on the control maturity using the maturity scoring against an industry average to establish a legal application of the data known in tort law as the “standard of care” based upon the measurement of the delta between current state baselines and the industry average score as a function of the amount of risk being carried by an organization;
limiting access to results created from storing said stakeholder responses and allowing said new controls and adjusting said client profiles to a limited number of viewing users;
providing industry specific anonymous aggregate data metrics regarding identification of legal risk for negligence visible to said client profile;
ingesting data from an Exposure Engine to calculate cybersecurity standard of care in real-time, or a threshold for legal negligence, for a selected industry in the establishment of new data points to further establish a standard of care for cybersecurity which is applied in real time across the entire data set associated with the selected taxonomy and unique organizational factors including an applied weight, allowing for unique organizational risk profiles to be established, independent of an organizational level of compliance, individually or comparatively, or a system or systems;
displaying the standard of care in real time to at least one user of a predetermined set of viewing users confidential to each user of the system.
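The claim describes a scoring pipeline: per-control maturity from stakeholder responses, a baseline that exists only once every control has data, a weighted aggregate (holistic, or technical and administrative separately), and a ranked gap between the client and an industry average. The following Python is an added illustration of that kind of gap analysis written for this page; it is not code from the patent or from V3 Cybersecurity, and the 0..5 maturity scale, the control identifiers, the weights, the stakeholder responses and the industry averages are all constructed placeholders.

```python
from dataclasses import dataclass
from statistics import mean

# Assumed 0..5 maturity scale (constructed for this example, not from the patent)
MATURITY_MIN, MATURITY_MAX = 0, 5


@dataclass(frozen=True)
class Control:
    control_id: str
    kind: str              # "technical" or "administrative"
    weight: float = 1.0    # organisation-specific applied weight (assumed; defaults to 1)


# Constructed mini framework; identifiers are placeholders, not real standard IDs
FRAMEWORK = [
    Control("CTRL-T1", "technical", weight=2.0),   # e.g. patch management
    Control("CTRL-T2", "technical"),               # e.g. multi-factor authentication
    Control("CTRL-A1", "administrative"),          # e.g. written security policy
    Control("CTRL-A2", "administrative", 0.5),     # e.g. awareness training
]

# Constructed stakeholder responses per control (one entry per assessment)
RESPONSES = {
    "CTRL-T1": [2, 3, 2],
    "CTRL-T2": [4, 4],
    "CTRL-A1": [3, 3, 4],
    "CTRL-A2": [1, 2],
}

# Constructed anonymised industry-average maturity per control
INDUSTRY_AVERAGE = {
    "CTRL-T1": 3.5,
    "CTRL-T2": 3.0,
    "CTRL-A1": 3.0,
    "CTRL-A2": 2.5,
}


def control_maturity(responses):
    """Mean of validated stakeholder responses for a single control."""
    if not responses:
        raise ValueError("control has no responses")
    for r in responses:
        if not MATURITY_MIN <= r <= MATURITY_MAX:
            raise ValueError(f"response {r} outside {MATURITY_MIN}..{MATURITY_MAX}")
    return mean(responses)


def maturity_baseline(framework, responses):
    """Per-control maturity; refuses to baseline until every control has data."""
    missing = [c.control_id for c in framework if c.control_id not in responses]
    if missing:
        raise ValueError(f"incomplete data set, missing controls: {missing}")
    return {c.control_id: control_maturity(responses[c.control_id]) for c in framework}


def aggregate_score(framework, per_control, kind=None):
    """Weighted single score over all controls, or over one control kind only."""
    selected = [c for c in framework if kind is None or c.kind == kind]
    total_weight = sum(c.weight for c in selected)
    if total_weight == 0:
        raise ValueError("no controls selected")
    return sum(c.weight * per_control[c.control_id] for c in selected) / total_weight


def gap_analysis(framework, current, industry):
    """Rank controls by weighted gap below the industry average (largest risk first).

    Returns (control_id, raw_gap, weighted_gap); a positive gap means the client
    sits below its peers on that control.
    """
    rows = []
    for c in framework:
        gap = industry[c.control_id] - current[c.control_id]
        rows.append((c.control_id, round(gap, 3), round(gap * c.weight, 3)))
    return sorted(rows, key=lambda r: r[2], reverse=True)


def standard_of_care_delta(framework, current, industry, kind=None):
    """Delta between the industry aggregate and the client aggregate, rounded."""
    return round(aggregate_score(framework, industry, kind)
                 - aggregate_score(framework, current, kind), 3)


if __name__ == "__main__":
    baseline = maturity_baseline(FRAMEWORK, RESPONSES)
    print("client aggregate  :", round(aggregate_score(FRAMEWORK, baseline), 3))
    print("industry aggregate:", round(aggregate_score(FRAMEWORK, INDUSTRY_AVERAGE), 3))
    for kind in (None, "technical", "administrative"):
        print(f"delta ({kind or 'holistic'}):",
              standard_of_care_delta(FRAMEWORK, baseline, INDUSTRY_AVERAGE, kind))
    for row in gap_analysis(FRAMEWORK, baseline, INDUSTRY_AVERAGE):
        print("gap:", row)
```

Two points worth noting: the baseline function deliberately fails on an incomplete response set rather than scoring the controls it does have, which keeps a partial assessment from being mistaken for a comparable score, and the ranking sorts on the weighted gap so that a heavily weighted control with a modest shortfall can outrank a lightly weighted control with a larger one.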