摘要 |
A method of selecting a security model for an organization operating an application on the organization's computer network is described. A current strength level for a countermeasure is determined based on input data and rules corresponding to the application. The method and apparatus determine a recommended strength level for countermeasures based on the input data and security risk data. Based on the current strength level and the recommended strength level, the method determines and outputs a security model including a countermeasure and corresponding strength level. The method may also modify the model based on exception conditions. The method may be used to calculate the risk of attack to the application and degree to which the organization conforms to industry practices.
|