Patent Number: 8,819,820

Title: Security capability reference model for goal-based gap analysis

Abstract: Gap analysis is performed on security capabilities of a computer system compared to a desired or targeted security model according to one or more security requirement by providing a data structure of security capabilities of a computer system under analysis, wherein each capability is classified in a formal security capability reference model with a mean having a set of attributes and a goal; determining the security capabilities of the deployed system-under-analysis; matching the security capabilities of the deployed system-under-analysis with the security capabilities defined in the data structure; determining one or more gaps in security capabilities between the deployed system and a security reference model goal; and displaying the gaps to a user in a report.

Inventors: Milman; Ivan Matthew (Austin, TX), Oberhofer; Martin (Boeblingen, DE), Pandit; Sushain (Austin, TX), Powers; Calvin Stacy (Durham, NC)

Assignee: International Business Machines Corporation

International Classification: G06F 21/00 (20130101)

Expiration Date: 8/26/12018