Graphical user interface based sensitive information and internal information vulnerability management system
Abstract
A system and method provides a graphical user interface (GUI) for users to monitor and manage sensitive information within an enterprise network. The GUI can provide users with information, such as the presence of input/output devices (I/O device), the location of documents containing sensitive information (sensitive documents), and the status of local security policy. The GUI can also provide users with real-time information, such as the occurrence of local security policy violations, the life-cycle of sensitive documents, and the sensitive information dynamic flow within the enterprise network.
10 Claims
1. A method to monitor and control a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the method comprising:
retrieving security information from a first endpoint of the plurality of endpoints;
responding to a user input, displaying the first endpoint, comprising;
determining a security level for the first endpoint based on the security information, and displaying the first endpoint based on the security level;
responding to a user input, displaying a view of the first endpoint, the view comprises at least one selected from a group of;
one of the plurality of I/O devices associated with the first endpoint visually attached to the first endpoint, one of the plurality of sensitive documents associated with the first endpoint, and a violation of the security policy associated with the first endpoint; and
responding to a user input, display a view of a sensitive document, comprising;
determining a movement history trace of the sensitive document based on the security information, and displaying the view of the sensitive document based at least in part on the movement history trace.
9. A computer-implemented network sensitive information management system for monitoring and controlling sensitive information in a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the system comprising:
a scan module for scanning the plurality of endpoints and retrieve security information, the security information comprising information about the plurality of sensitive documents, the security policy, and the plurality of I/O devices, the scanning conducted at predefined intervals;
a match module for determining whether a document is a sensitive document by matching the content of the document with prestored content identified as sensitive;
a trace module for aggregating tracing information of a sensitive document based on the security information from one or more of the plurality of endpoints; and
a graphical user interface module for displaying information regarding the sensitive information in a window, the window comprising at least one selected from a group consisting of;
a first display area for displaying the plurality of endpoints, a second display area, visually distinguished from the first display area, for displaying information of one of the plurality of endpoints, and a third display area, visually distinguished from the first and second display areas, for displaying tracing information of the sensitive document.
10. A user interface for a computer program for monitoring sensitive information in a network, the network comprising a plurality of endpoints, each of the plurality of endpoints comprising a plurality of sensitive documents, a security policy, and a plurality of I/O devices, the user interface comprising:
a first display area for displaying the plurality of endpoints, each endpoint including one or more display characters;
a second display area, visually distinguished from the first display area, for displaying a view of one of the plurality of endpoints, the view comprises at least one selected from a group consisting of;
one of the plurality of I/O devices associated with the first endpoint, one of the plurality of sensitive documents associated with the first endpoint, and a violation of the security policy associated with the first endpoint;
a third display area, visually distinguished from the first and second display areas, for displaying a view of a sensitive document, the view comprising a trace of the sensitive document; and
an executable process, the executive process receiving a user input, receiving security information from one of the plurality of endpoints, determining the content of a display area, and displaying the content in the display area.
Specification