Abstract |
A tool to assess risks associated with software applications, and controls implemented to mitigate these risks, includes a first software component configured to gather information about the risks and controls, and a second software component configured to display the gathered information. The first software component includes a self-assessment tool which is invoked by a user to enter information reflective of risk levels over a number of risk categories. These risk levels are used to calculate a risk score associated with a particular application. The user also enters information as to whether or not a number of specific control attributes have been implemented, and this information is used to calculate a control score. This process may be repeated for each of several software applications. The second software component allows one to selectively display various subsets, or even the entire population, of the collected information by invoking various combinations of parametric filters on the compiled information. |
Applicant |
BANK OF AMERICA CORPORATION;OSBORN, FRANK, DAVIS;FIRESTONE, JACOB;WEAVER, DAVID, H.;MURPHY, PETER |
Inventor |
OSBORN, FRANK, DAVIS;FIRESTONE, JACOB;WEAVER, DAVID, H.;MURPHY, PETER |