Information technology governance and controls methods and apparatuses

US 10,264,022 B2
Filed: 02/05/2016
Issued: 04/16/2019
Est. Priority Date: 08/09/2005
Status: Active Grant

First Claim

Patent Images

1. A method for performing preventative, detective, and corrective control of an information technology (IT) infrastructure, comprising:

detecting a change of state in at least one of a plurality of data processing devices in the information technology (IT) infrastructure, wherein the detecting is performed by comparing a baseline state for the at least one of the plurality of data processing devices to a current state of the at least one of the plurality of data processing devices and wherein the detecting is performed without knowledge of a source of the change of state;

performing an enrichment operation by correlating the detected change of state to one or more events identified in a separate event or audit log, and supplementing the detected change of state with the correlated one or more events;

after the detecting, reconciling the detected change of state as an authorized and planned change of state by determining whether the change of state is associated with a work ticket or maintenance window for the at least one of the plurality of data processing devices; and

if the detected change of state is not an authorized and planned change of state, generating a notification to a system administrator reporting the detected change of state.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide methods and systems for automated change audit of an enterprise'"'"'s IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure, preventive controls, detective controls and corrective controls.

170 Citations

14 Claims

1. A method for performing preventative, detective, and corrective control of an information technology (IT) infrastructure, comprising:
- detecting a change of state in at least one of a plurality of data processing devices in the information technology (IT) infrastructure, wherein the detecting is performed by comparing a baseline state for the at least one of the plurality of data processing devices to a current state of the at least one of the plurality of data processing devices and wherein the detecting is performed without knowledge of a source of the change of state;
  
  performing an enrichment operation by correlating the detected change of state to one or more events identified in a separate event or audit log, and supplementing the detected change of state with the correlated one or more events;
  
  after the detecting, reconciling the detected change of state as an authorized and planned change of state by determining whether the change of state is associated with a work ticket or maintenance window for the at least one of the plurality of data processing devices; and
  
  if the detected change of state is not an authorized and planned change of state, generating a notification to a system administrator reporting the detected change of state.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising, if the change of state is an authorized and planned change of state, updating the baseline state for the at least one of a plurality of data processing devices to the current state.
  - 3. The method of claim 1, wherein the reconciling further comprises determining whether the detected change of state is conforming to a regulatory or security standard.
  - 4. The method of claim 3, wherein the reconciling further comprises changing the baseline state for the at least one data processing device only if the detected change of state is conforming to the regulatory or security standard.
  - 5. The method of claim 3, wherein the reconciling further comprises determining at least one of a level of severity or non-conformance for the detected change of state, if the detected change of state is not conforming.
  - 6. The method of claim 1, further comprising memorializing a detected change of state of the at least one of a plurality of data processing device by logging one or events in an event log.
  - 7. The method of claim 1, wherein the method further comprises generating a change report for changes detected in the information technology (IT) infrastructure, including the change at the data processing node, the change report including one or more of an identification of one or more of a number of changes detected, dates of the changes detected, times of the changes detected, operators associated with the changes detected, or permissions related to the operators associated with the changes detected.

8. One or more nom-transitory computer medium storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:
- detecting a change of state in at least one of a plurality of data processing devices the information technology (IT) infrastructure, wherein the detecting is performed by comparing a baseline state for the at least one of the plurality of data processing devices to a current state of the at least one of the plurality of data processing devices and wherein the detecting is performed without knowledge of a source of the change of state;
  
  performing an enrichment operation by correlating the detected change of state to one or more events identified in a separate event or audit log, and supplementing the detected change of state with the correlated one or more events;
  
  after the detecting, reconciling the detected change of state as an authorized and planned change of state by determining whether the change of state is associated with a work ticket or maintenance window for the at least one of the plurality of data processing devices; and
  
  if the detected change of state is not an authorized and planned change of state, generating a notification to a system administrator reporting the detected change of state.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more non-transitory computer medium of claim 8, wherein the method further comprises, if the change of state is an authorized and planned change of state, updating the baseline state for the at least one of a plurality of data processing devices to the current state.
  - 10. The one or more non-transitory computer medium of claim 8, wherein the reconciling further comprises determining whether the detected change of state is conforming to a regulatory or security standard.
  - 11. The one or more non-transitory computer medium of claim 10, wherein the reconciling further comprises changing the baseline state for the at least one data processing device only if the detected change of state is conforming to the regulatory or security standard.
  - 12. The one or more non-transitory computer medium of claim 10, wherein the reconciling further comprises determining at least one of a level of severity or non-conformance for the detected change of state, if the detected change of state is not conforming.
  - 13. The one or more non-transitory computer medium of claim 8, the method further comprising memorializing a detected change of state of the at least one of a plurality of data processing device by logging one or events in an event log.
  - 14. The one or more non-transitory computer medium of claim 8, wherein the method further comprises generating a change report for changes detected in the information technology (IT) infrastructure, including the change at the data processing node, the change report including one or more of an identification of one or more of a number of changes detected, dates of the changes detected, times of the changes detected, operators associated with the changes detected, or permissions related to the operators associated with the changes detected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tripwire Incorporated (Belden Inc.)
Original Assignee
Tripwire Incorporated (Belden Inc.)
Inventors
DiFalco, Robert, Keeler, Kenneth L., Warmack, Robert L.
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Bucknor, Olanrewaju J.

Application Number

US15/017,243
Publication Number

US 20160234254A1
Time in Patent Office

1,166 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/128   Details of file system snap...

G06Q 10/00   Administration; Management

G06Q 10/0637   Strategic management or ana...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Information technology governance and controls methods and apparatuses

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

170 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Information technology governance and controls methods and apparatuses

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

170 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links