Information technology governance and controls methods and apparatuses
First Claim
1. A method for performing preventative, detective, and corrective control of an information technology (IT) infrastructure, comprising:
- detecting a change of state in at least one of a plurality of data processing devices in the information technology (IT) infrastructure, wherein the detecting is performed by comparing a baseline state for the at least one of the plurality of data processing devices to a current state of the at least one of the plurality of data processing devices and wherein the detecting is performed without knowledge of a source of the change of state;
- performing an enrichment operation by correlating the detected change of state to one or more events identified in a separate event or audit log, and supplementing the detected change of state with the correlated one or more events;
- after the detecting, reconciling the detected change of state as an authorized and planned change of state by determining whether the change of state is associated with a work ticket or maintenance window for the at least one of the plurality of data processing devices; and
- if the detected change of state is not an authorized and planned change of state, generating a notification to a system administrator reporting the detected change of state.
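The four steps of the claim (baseline comparison, enrichment from a separate audit log, reconciliation against a work ticket or maintenance window, notification) shown in Python. This is an added example, not code from the patent or its assignee; the record layouts, the 30-minute lookback, and the host name, digests, user and ticket id are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Change:
    device: str
    path: str
    seen_at: datetime
    events: list = field(default_factory=list)  # filled in by enrich()

def detect(device, baseline, current, seen_at):
    """Diff baseline vs. current state (path -> digest); the source of a change is unknown here."""
    paths = sorted(set(baseline) | set(current))  # also catches added and removed paths
    return [Change(device, p, seen_at) for p in paths if baseline.get(p) != current.get(p)]

def enrich(change, audit_log, lookback=timedelta(minutes=30)):
    """Attach audit-log events for the same device and path shortly before detection."""
    change.events = [e for e in audit_log
                     if (e["device"], e["path"]) == (change.device, change.path)
                     and timedelta(0) <= change.seen_at - e["time"] <= lookback]
    return change

def reconcile(change, tickets, windows):
    """True if a work ticket or a maintenance window covers the change."""
    # Assumption: use the earliest correlated event time, else the detection time.
    when = min((e["time"] for e in change.events), default=change.seen_at)
    ticketed = any(t["device"] == change.device and change.path in t["paths"] for t in tickets)
    in_window = any(w["device"] == change.device and w["start"] <= when <= w["end"] for w in windows)
    return ticketed or in_window

def audit(device, baseline, current, seen_at, audit_log, tickets, windows):
    """detect -> enrich -> reconcile; return one notification per unauthorized change."""
    notes = []
    for ch in detect(device, baseline, current, seen_at):
        if not reconcile(enrich(ch, audit_log), tickets, windows):
            actors = ", ".join(sorted({e["user"] for e in ch.events})) or "unknown"
            notes.append(f"unauthorized change on {ch.device}: {ch.path} (actor: {actors})")
    return notes

# Constructed sample data: host, digests, user and ticket id are all made up.
T = datetime(2024, 1, 10, 3, 0)
BASELINE = {"/etc/ssh/sshd_config": "digest-a1", "/etc/passwd": "digest-b1"}
CURRENT = {"/etc/ssh/sshd_config": "digest-a2", "/etc/passwd": "digest-b2"}
AUDIT_LOG = [{"device": "web01", "path": "/etc/passwd", "time": T - timedelta(minutes=4), "user": "jdoe"}]
TICKETS = [{"id": "CHG-EXAMPLE-1", "device": "web01", "paths": {"/etc/ssh/sshd_config"}}]
WINDOWS = [{"device": "web01", "start": T - timedelta(hours=3), "end": T - timedelta(hours=1)}]

if __name__ == "__main__":
    for note in audit("web01", BASELINE, CURRENT, T, AUDIT_LOG, TICKETS, WINDOWS):
        print(note)
```

With the sample data, the ticketed `sshd_config` change reconciles, while the `/etc/passwd` change falls outside the expired maintenance window and is reported with the actor recovered from the audit log.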
Abstract
Embodiments of the present invention provide methods and systems for automated change audit of an enterprise's IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure: preventive controls, detective controls and corrective controls.
14 Claims
8. One or more non-transitory computer medium storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:
- detecting a change of state in at least one of a plurality of data processing devices in the information technology (IT) infrastructure, wherein the detecting is performed by comparing a baseline state for the at least one of the plurality of data processing devices to a current state of the at least one of the plurality of data processing devices and wherein the detecting is performed without knowledge of a source of the change of state;
- performing an enrichment operation by correlating the detected change of state to one or more events identified in a separate event or audit log, and supplementing the detected change of state with the correlated one or more events;
- after the detecting, reconciling the detected change of state as an authorized and planned change of state by determining whether the change of state is associated with a work ticket or maintenance window for the at least one of the plurality of data processing devices; and
- if the detected change of state is not an authorized and planned change of state, generating a notification to a system administrator reporting the detected change of state.
Specification