×

Dynamic employee security risk scoring

  • US 10,282,702 B2
  • Filed: 01/04/2010
  • Issued: 05/07/2019
  • Est. Priority Date: 01/04/2010
  • Status: Active Grant
First Claim
Patent Images

1. An apparatus for quantifying employee security risk, the apparatus comprising:

  • a computing platform including at least one processor and a memory;

    an employee security risk scoring module that is stored in the memory, executable by the processor, configured to;

    receive a plurality of security risk facts, each fact associated with one of a plurality of employees, wherein one or more of the security risk facts are received within real-time of an event associated with a security risk fact,consolidate the plurality of security risk facts to (1) determine one of a plurality of security risk categories to assign to each of the security risk facts, and (2) determine security risk facts that are redundant and remove the redundant risk facts from further employee risk score processing, wherein the security risk categories include (1) access to non-public information, (2) volume of non-public information consumed within a predetermined time period, (3) ability to export data, (4) behaviors associated with a security risk and (5) volume of hardware accessed within a predetermined time period, andtransform the plurality of security risk facts to a standard format prior to the employees security risk score processing;

    an employee security risk scoring logic configured to determine an employee security risk score for each of the employees that meet a predetermined employee parameter, based on the plurality of security risk facts, wherein the employee security risk scoring logic further comprises;

    a security risk category scoring routine configured to determine, for each of the employees that meet the employee parameter, an employee-specific security risk category score for each of the plurality of security risk categories,a security risk category average routine configured to determine a security risk category average for each of the plurality of security risk categories and for the employees that meet the predetermined employee parameter,a security risk category standard deviation routine configured to determine a security risk category standard deviation for each of the plurality of security risk categories and for the employees that meet by a predetermined employee parameter,a sigma scoring routine configured to determine a sigma score, which is specific to the employee parameter, for each of the security risk categories, wherein the sigma score is determined by subtracting the security risk category average from the security risk category score to result in a remainder and dividing the remainder by the security risk category standard deviation, andan employee risk scoring routine configured to determine, for each of the employees that meet the employee parameter, the employee security risk score by aggregating all positive-valued sigma scores for each of the security risk categories;

    a graphical user interface module configured to dynamically display, via a network connection, employee security risk scores for each of the employees, to thereby providing tracking a security risk of employees in terms of their respective security risk scores for the predetermined employee parameter;

    a security risk reporting application configured to automatically generate a dynamic employee security risk report indicating employees that are determined to pose security risks based on their scores exceeding a predetermined threshold; and

    a reporting application configured to initiate communication of the report to a remote electronic device.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×