Risk driven compliance management

US 20070101432A1
Filed: 10/28/2005
Published: 05/03/2007
Est. Priority Date: 10/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. A system that ensures computer network environment compliance, comprising:

a receiving component that obtains a level of risk for at least one computer network environment; and

a compliance management component that dynamically determines a level of detection and/or compliance for the computer network environment in response to the risk level.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Environmental risk levels are leveraged to provide dynamic, user-tailorable, actions to detect network compliance and/or to remediate via manual and/or automatic means to bring the network into compliance given the risk level. The risk levels can be based on a combination of business, security, and operation factors and the like. Potentially different remediation steps can be performed on a network-wide basis and/or on individual items of the network based on a current level of environmental risk. Instances can include a management console that can provide a centralized point of administration that allows an organization to review a state of compliance with a security policy across a network environment and/or select a current level of risk which can drive a configuration management engine appropriately. The configuration management engine can utilize existing components to facilitate in detection and/or remediation of the computer network.

Citations

20 Claims

1. A system that ensures computer network environment compliance, comprising:
- a receiving component that obtains a level of risk for at least one computer network environment; and
  
  a compliance management component that dynamically determines a level of detection and/or compliance for the computer network environment in response to the risk level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 20)
- - 2. The system of claim 1, the compliance management component automatically facilitates in remedying at least one risk susceptible item based on the risk level.
  - 3. The system of claim 1, the compliance management component notifies personnel of at least one change to facilitate in manually remedying at least one risk susceptible item.
  - 4. The system of claim 1, the compliance management component provides personnel with an automated workflow to facilitate in remedying at least one risk susceptible item.
  - 5. The system of claim 1 is responsive to levels of risk based on, at least in part, business, security, and/or operational information.
  - 6. The system of claim 1 further comprising:
    - a management console that provides a user interface to allow a user to control at least one level of response for at least one risk level and/or to obtain information regarding compliance information obtained by the compliance management component.
  - 7. The system of claim 6, the management console comprising a hierarchy of a central management console and at least one sub-management console that provides compliance management for a respective sub-group of computing devices.
  - 8. The system of claim 7, the central management console providing overriding risk level control of at least one sub-management console and/or allowing overriding risk level control by at least one sub-management console reporting a highest level of risk.
  - 9. The system of claim 1 further comprising:
    - a configuration management engine that facilitates in scanning and/or remediation of the computer network environment to facilitate the compliance management component in dynamically responding to the risk level to maintain detection and/or compliance of the computer network environment.
  - 10. The system of claim 9, the configuration management engine comprising a scriptable scan model and/or a scriptable remediation model.
  - 20. A device employing the system of claim 1 comprising at least one selected from the group consisting of a computer, a server, and a handheld electronic device.

11. A method for ensuring computer network environment compliance, comprising:
- obtaining a level of risk for at least one computer network environment; and
  
  employing a compliance engine to detect and/or remediate the computer network environment compliance in response to the level of risk.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11 further comprising:
    - dynamically determining a level of detection and/or compliance for the computer network environment in response to the risk level; and
      
      adjusting the levels of detection and/or remediation for the computer network environment into compliance with the obtained level of risk.
  - 13. The method of claim 11 further comprising:
    - providing a centralized point of administration for reviewing a state of compliance and/or selecting a level of risk for compliance related tasks.
  - 14. The method of claim 11 further comprising:
    - automatically remedying at least one risk susceptible item based on the risk level.
  - 15. The method of claim 11 further comprising:
    - notifying at least one user of at least one change to facilitate in manually remedying at least one risk susceptible item.
  - 16. The method of claim 11 further comprising:
    - responding to levels of risk based on, at least in part, business, security, and/or operational information.
  - 17. The method of claim 11 further comprising:
    - providing a user interface to control at least one level of response for at least one risk level and/or to obtain information regarding compliance information obtained by the compliance management component.
  - 18. The method of claim 17 further comprising:
    - providing a compliance management hierarchy for sub-groups of at least one computer network with overriding risk level control via a sub-group manager with a highest risk level and/or overriding risk level control via a central manager regardless of level of risk.

19. A system that ensures computer network environment compliance, comprising:
- means for obtaining a level of risk for at least one computer network environment;
  
  means for dynamically determining a level of detection and compliance for the computer network environment in response to the risk level; and
  
  means for scanning and/or remediation of the computer network environment to facilitate in dynamically responding to the risk level to maintain detection and/or compliance of the computer network environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Carpenter, Matthew

Application Number

US11/261,091
Publication Number

US 20070101432A1
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Risk driven compliance management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Risk driven compliance management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links