Quantitatively measuring recertification campaign effectiveness

US 10,243,994 B2
Filed: 09/02/2015
Issued: 03/26/2019
Est. Priority Date: 09/02/2015
Status: Active Grant

First Claim

Patent Images

1. A method to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, comprising:

selecting accounts for recertification in accordance with a recertification policy to generate a list of accounts;

augmenting the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts;

providing for approval the list including the one or more dummy items, the list being provided to an approver entity;

responsive to receipt from the approver entity of an approval to initiate the recertification campaign, quantifying an effectiveness of the approver entity in locating the one or more dummy items from the list to generate a result;

using the result as an enterprise metric in association with a compliance component of the identity and access management computing system;

wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity management system is augmented to provide a methodology to generate an objective measure of administrative effectiveness with respect to account certification. In the approach, erroneous account information is intentionally inserted into a recertification campaign. The erroneous account information is tracked through the recertification process and used as a measurement to evaluate whether a particular manager/administrator whose accounts are impacted is successful in recognizing the erroneous account information (e.g., as a percentage of erroneous account records located). The dummy information is tracked and used to generate a quantitative measure of the effectiveness of a particular recertification campaign or a particular manager who is responsible for recertifying accounts. The results can also be used to drive other enterprise metrics and compliance systems.

Citations

21 Claims

1. A method to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, comprising:
- selecting accounts for recertification in accordance with a recertification policy to generate a list of accounts;
  
  augmenting the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts;
  
  providing for approval the list including the one or more dummy items, the list being provided to an approver entity;
  
  responsive to receipt from the approver entity of an approval to initiate the recertification campaign, quantifying an effectiveness of the approver entity in locating the one or more dummy items from the list to generate a result;
  
  using the result as an enterprise metric in association with a compliance component of the identity and access management computing system;
  
  wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the recertification campaign is associated with the application, and a dummy item of the one or more dummy items is determined adaptively or by machine learning and identifies one of:
    - an individual having an account on the application, a named account associated with an individual, and a group affiliation associated with an individual.
  - 3. The method as described in claim 2 wherein the individual is one of:
    - an individual associated with an enterprise but not authorized presently to have an account on the application, and an individual not associated with an enterprise.
  - 4. The method as described in claim 1 wherein the effectiveness of the approver entity is a function of a number of dummy items augmented to the list, and a number of dummy items identified by the approver entity.
  - 5. The method as described in claim 1 further including associating different dummy items to each of first and second accounts.
  - 6. The method as described in claim 1 further including associating different weights to each of first and second dummy items, wherein a first weight associated with the first dummy item is higher than a second weight associated with the second dummy item to indicate that the first dummy item has a higher relative difficulty in locating as compared to the second dummy item.
  - 7. The method as described in claim 1 wherein the characteristic of the approver entity is one of:
    - a relative skill level of the approver entity, and a period of time that the approver entity has been acting as an approver.

8. An apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions executed by the processor to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, the computer program instructions comprising;
  
  program code operative to select accounts for recertification in accordance with a recertification policy to generate a list of accounts;
  
  program code operative to augment the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts;
  
  program code operative to provide for approval the list including the one or more dummy items, the list being provided to an approver entity; and
  
  program code responsive to receipt from the approver entity of an approval to initiate the recertification campaign to quantify an effectiveness of the approver entity in locating the one or more dummy items from the list and generate a result;
  
  program code to use the result as an enterprise metric in association with a compliance component of the identity and access management computing system;
  
  wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as described in claim 8 wherein the recertification campaign is associated with the application, and a dummy item of the one or more dummy items is determined adaptively or by machine learning and identifies one of:
    - an individual having an account on the application, a named account associated with an individual, and a group affiliation associated with an individual.
  - 10. The apparatus as described in claim 9 wherein the individual is one of:
    - an individual associated with an enterprise but not authorized presently to have an account on the application, and an individual not associated with an enterprise.
  - 11. The apparatus as described in claim 8 wherein the effectiveness of the approver entity is a function of a number of dummy items augmented to the list, and a number of dummy items identified by the approver entity.
  - 12. The apparatus as described in claim 8 wherein the computer program instructions further include program code to associate different dummy items to each of first and second accounts.
  - 13. The apparatus as described in claim 8 wherein the computer program instructions further including program code to associate different weights to each of first and second dummy items, wherein a first weight associated with the first dummy item is higher than a second weight associated with the second dummy item to indicate that the first dummy item has a higher relative difficulty in locating as compared to the second dummy item.
  - 14. The apparatus as described in claim 8 wherein the characteristic of the approver entity is one of:
    - a relative skill level of the approver entity, and a period of time that the approver entity has been acting as an approver.

15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, to improve an identity and access management computing system that implements an automated recertification campaign with respect to an application in an enterprise, the computer program instructions comprising:
- program code operative to select accounts for recertification in accordance with a recertification policy to generate a list of accounts;
  
  program code operative to augment the list with one or more dummy items, wherein the one or more dummy items represent additional accounts on the application and are configured to appear on the list as legitimate accounts;
  
  program code operative to provide for approval the list including the one or more dummy items, the list being provided to an approver entity; and
  
  program code responsive to receipt from the approver entity of an approval to initiate the recertification campaign to quantify an effectiveness of the approver entity in locating the one or more dummy items from the list and generate a result;
  
  program code to use the result as an enterprise metric in association with a compliance component of the identity and access management computing system;
  
  wherein at least one dummy item of the one or more dummy items is selected for inclusion in the list based on a characteristic of the approver entity.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer program product as described in claim 15 wherein the recertification campaign is associated with the application, and a dummy item of the one or more dummy items is determined adaptively or by machine learning and identifies one of:
    - an individual having an account on the application, a named account associated with an individual, and a group affiliation associated with an individual.
  - 17. The computer program product as described in claim 16 wherein the individual is one of:
    - an individual associated with an enterprise but not authorized presently to have an account on the application, and an individual not associated with an enterprise.
  - 18. The computer program product as described in claim 15 wherein the effectiveness of the approver entity is a function of a number of dummy items augmented to the list, and a number of dummy items identified by the approver entity.
  - 19. The computer program product as described in claim 15 wherein the computer program instructions further include program code to associate different dummy items to each of first and second accounts.
  - 20. The computer program product as described in claim 15 wherein the computer program instructions further including program code to associate different weights to each of first and second dummy items, wherein a first weight associated with the first dummy item is higher than a second weight associated with the second dummy item to indicate that the first dummy item has a higher relative difficulty in locating as compared to the second dummy item.
  - 21. The computer program product as described in claim 15 wherein the characteristic of the approver entity is one of:
    - a relative skill level of the approver entity, and a period of time that the approver entity has been acting as an approver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Matthiesen, Brian Robert, Chia, Gee Ngoo, Hidden, Jean Elizabeth, Turcol, Stephen James
Primary Examiner(s)
Nguyen, Trong H

Application Number

US14/842,873
Publication Number

US 20170063872A1
Time in Patent Office

1,301 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/123 received data contents, e.g...

H04L 63/20 for managing network securi...

Quantitatively measuring recertification campaign effectiveness

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Quantitatively measuring recertification campaign effectiveness

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links