System and method for evaluating and enhancing the security level of a network system

US 10,659,489 B2
Filed: 03/23/2018
Issued: 05/19/2020
Est. Priority Date: 01/06/2013
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

a combination of memory that stores;

a library of elements for a security model, each element of the element library being defined by at least a data set type and a function, and each element of the element library including a relationship with one or more other elements of the security model;

a library of products, the product library storing information about a plurality of commercially available products, each product of the product library being deemed pertinent to a respective data set type and a respective function;

wherein each product of the product library is associated with one or more metrics that relate to at least one of a security aspect, an effectiveness aspect, a maturity aspect, or a cost aspect of the security model;

one or more processors to execute a set of instructions to;

receive input from a user, the input identifying a set of products that are deployed with a network computer system;

correlates the set of deployed products to a set of elements of the element library;

determine an evaluation for the network computer system with respect to the one or more security aspects, the evaluation being based on the set of elements and the one or more metrics that are associated with the set of deployed products;

generate a representation that reflects (i) the security model as applied to the network computer system, and (ii) the evaluation for the network computer system;

provide a recommendation to the user to improve the evaluation;

wherein the one or more processors generate the representation to have multiple dimensions, with each dimension representing at least one of multiple aspects of the security model; and

wherein the relationships of the element library include a predefined set of hierarchical relationships in which individual levels of the set of hierarchical relationships correlating to a dimension of the multiple dimensions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Examples described herein provide for a system that evaluates a security level of a network system. Additionally, examples described herein evaluate a security level of a network system in order to enable a determination of components that can be used to enhance the security level of the network system.

Citations

17 Claims

1. A computer system comprising:
- a combination of memory that stores;
  
  a library of elements for a security model, each element of the element library being defined by at least a data set type and a function, and each element of the element library including a relationship with one or more other elements of the security model;
  
  a library of products, the product library storing information about a plurality of commercially available products, each product of the product library being deemed pertinent to a respective data set type and a respective function;
  
  wherein each product of the product library is associated with one or more metrics that relate to at least one of a security aspect, an effectiveness aspect, a maturity aspect, or a cost aspect of the security model;
  
  one or more processors to execute a set of instructions to;
  
  receive input from a user, the input identifying a set of products that are deployed with a network computer system;
  
  correlates the set of deployed products to a set of elements of the element library;
  
  determine an evaluation for the network computer system with respect to the one or more security aspects, the evaluation being based on the set of elements and the one or more metrics that are associated with the set of deployed products;
  
  generate a representation that reflects (i) the security model as applied to the network computer system, and (ii) the evaluation for the network computer system;
  
  provide a recommendation to the user to improve the evaluation;
  
  wherein the one or more processors generate the representation to have multiple dimensions, with each dimension representing at least one of multiple aspects of the security model; and
  
  wherein the relationships of the element library include a predefined set of hierarchical relationships in which individual levels of the set of hierarchical relationships correlating to a dimension of the multiple dimensions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer system of claim 1, wherein each element in the library of elements includes a definition that decomposes the security model into one or more substructures and/or hierarchies.
  - 3. The computer system of claim 1, wherein the one or more processors generate the representation by generating a concentric visualization of the security model as applied to the network computer system as a whole.
  - 4. The computer system of claim 1, wherein the one or more processors generate the representation by generating a spherical visualization of the security model as applied to the network computer system as a whole.
  - 5. The computer system of claim 1, wherein the relationships of the element library include a predefined set of hierarchical relationships in which individual levels of the set of hierarchical relationships correlating to a dimension of the multiple dimensions.
  - 6. The computer system of claim 1, wherein at least some elements of the security model are defined for functions relating to a set of governance risk and compliance policies.
  - 7. The computer system of claim 1, wherein the one or more processors reflect the recommendation in the generated representation.
  - 8. The computer system of claim 1, wherein the one or more processors provide the recommendation by identifying elements of the security model which are inadequate based on one or more metrics of one or more products of the network computer system that correlate to the identified elements.
  - 9. The computer system of claim 8, wherein the one or more processors generate the representation to visually indicate the identified elements of the security model which are inadequate in relation to the security model.
  - 10. The computer system of claim 1, wherein the recommendation identifies a cost for implementing the recommended upgrade.

11. A method for evaluating a network computer system, the method being implemented by one or more processors and comprising:
- accessing a library of elements for a security model, each element of the element library being defined by at least a data set type and a function, and each element of the element library including a relationship with one or more other elements of the security model;
  
  accessing a library of products, the product library storing information about a plurality of commercially available products, each product of the product library being deemed pertinent to a respective data set type and a respective function;
  
  wherein each product of the product library is associated with one or more metrics that relate to at least one of a security aspect, an effectiveness aspect, a maturity aspect, or a cost aspect of the security model;
  
  receiving input from a user, the input identifying a set of products that are deployed with the network computer system;
  
  correlating the set of deployed products to a set of elements of the element library;
  
  determining an evaluation for the network computer system with respect to the one or more security aspects, the evaluation being based on the set of elements and the one or more metrics that are associated with the set of deployed products;
  
  generating a representation that reflects (i) the security model as applied to the network computer system, and (ii) the evaluation for the network computer system; and
  
  providing a recommendation to the user to improve the evaluation;
  
  wherein generating the representation includes generating the representation to have multiple dimensions, with each dimension representing at least one of multiple aspects of the security model; and
  
  wherein the relationships of the element library include a predefined set of hierarchical relationships in which individual levels of the set of hierarchical relationships correlating to a dimension of the multiple dimensions.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising:
    - reflecting the recommendation in the generated representation.
  - 13. The method of claim 11, wherein providing the recommendation includes identifying elements of the security model which are inadequate based on one or more metrics of one or more products of the network computer system that correlate to the identified elements.
  - 14. The method of claim 13, wherein generating the representation includes visually indicating the identified elements of the security model which are inadequate in relation to the security model.
  - 15. The method of claim 14, wherein the recommendation identifies a cost for implementing the recommended upgrade.
  - 16. The method of claim 11, wherein generating the representation includes generating a spherical visualization of the security model as applied to the network computer system as a whole.

17. A non-transitory computer readable medium that stores instructions, which when executed by one or more processors of a computer system, cause the computer system to perform operations that include:
- accessing a library of elements for a security model, each element of the element library being defined by at least a data set type and a function, and each element of the element library including a relationship with one or more other elements of the security model;
  
  accessing a library of products, the product library storing information about a plurality of commercially available products, each product of the product library being deemed pertinent to a respective data set type and a respective function;
  
  wherein each product of the product library is associated with one or more metrics that relate to at least one of a security aspect, an effectiveness aspect, a maturity aspect, or a cost aspect of the security model;
  
  receiving input from a user, the input identifying a set of products that are deployed with the network computer system;
  
  correlating the set of deployed products to a set of elements of the element library;
  
  determining an evaluation for the network computer system with respect to the one or more security aspects, the evaluation being based on the set of elements and the one or more metrics that are associated with the set of deployed products;
  
  generating a representation that reflects (i) the security model as applied to the network computer system, and (ii) the evaluation for the network computer system; and
  
  providing a recommendation to the user to improve the evaluation;
  
  wherein generating the representation includes generating the representation to have multiple dimensions, with each dimension representing at least one of multiple aspects of the security model; and
  
  wherein the relationships of the element library include a predefined set of hierarchical relationships in which individual levels of the set of hierarchical relationships correlating to a dimension of the multiple dimensions;
  
  wherein generating the representation includes generating the representation to have multiple dimensions, with each dimension representing at least one of multiple aspects of the security model; and
  
  wherein the relationships of the element library include a predefined set of hierarchical relationships in which individual levels of the set of hierarchical relationships correlating to a dimension of the multiple dimensions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Security Inclusion Now USA LLC
Original Assignee
Security Inclusion Now USA LLC
Inventors
Francoeur, Jacques Remi
Primary Examiner(s)
Cribbs, Malcolm

Application Number

US15/934,485
Publication Number

US 20180288088A1
Time in Patent Office

788 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

System and method for evaluating and enhancing the security level of a network system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for evaluating and enhancing the security level of a network system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links