System and method for policy management
Abstract
The invention provides a system and method for providing policy-based protection services. As a new threat is understood, one or more protection techniques are considered for protecting the asset, the organization assigns responsibilities to carry out or protect the asset, and a policy is constructed. After the policy is developed a plan is put into action to protect the asset, and a policy implementer is developed and/or purchased, distributed, configured, and managed. Finally, the policy, its enforcement, and its effectiveness, are reviewed to determine any changes needed, and new requirements are discovered, closing the lifecycle.
111 Claims
1. A method for implementing policy objectives, comprising:
developing a policy implementer;
registering at least one system component; and
selling the policy implementer, the policy implementer enabling the policy objectives to be instantiated in the network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A method for rapid development of a policy implementer, comprising:
planning an implementation of a policy;
describing the implementation;
coding the implementation into the policy implementer; and
certifying the policy implementer.
Dependent claims: 21

22. A method for planning development of a policy implementer, comprising:
registering as a user on a developer Web site;
planning the development; and
accessing a plan submission tool from the developer Web site, the plan submission tool enabling the user to submit the plan to a repository.

23. A method for describing development of a policy implementer, comprising:
registering as a user on a developer Web site;
describing the development to produce a description; and
accessing a description submission tool from the developer Web site, the description submission tool enabling the user to submit the description to a repository.

24. A method for coding a policy implementer, comprising:
registering as a user on a developer Web site;
coding the policy implementer; and
accessing a code submission tool from the developer Web site, the code submission tool enabling the user to submit the code to a repository.

25. A method for policy-based accrediting of a system, comprising:
registering as a user on a Web site;
accrediting to produce an accreditation; and
accessing an accreditation submission tool from the Web site, the accreditation submission tool enabling the user to submit the accreditation to a repository.

26. A method for policy-based auditing of a system, comprising:
registering as a user on a Web site;
auditing to produce an audit; and
accessing an audit submission tool from the Web site, the audit submission tool enabling the user to submit the audit to a repository.

27. A system configured to instantiate policy objectives, the system comprising a framework, the framework configured to distribute a policy implementer and to collect data from the network.

37. A method for managing a policy management lifecycle, comprising:
storing information content;
implementing a policy associated with the content; and
distributing the content.
Dependent claims: 38, 39, 40

41. A system for providing protection services, the system comprising a framework, wherein the framework is configured to perform at least one of analysis of data, collection of data, distribution, administration, and display of data based on a policy implementer construct.

45. A method for developing policy-based protection services, comprising:
describing a policy requirement;
defining a generic policy implementer to address the policy requirement;
representing at least one of an asset, network, system, procedure, and a component with a named abstraction;
defining a required scope of protection for the named abstraction target; and
developing a specific policy implementer to collect a metric regarding the named abstraction.
Dependent claims: 46, 47, 48, 49, 50, 51

52. A method for providing policy-based protection services to a customer, comprising:
providing a framework; and
providing at least one policy implementer, the at least one policy implementer associated with security policy, the framework configured to distribute and manage the at least one policy implementer.
Dependent claims: 53, 54, 55, 56, 57, 58, 59, 60, 61

62. A method for sharing policy-based analysis, comprising:
identifying at least one of a threat, a vulnerability, and a deficiency in a policy to produce a policy requirement;
analyzing the policy requirement to produce at least one of a new policy element and revised policy element; and
sharing the at least one of a new policy element and revised policy element.
Dependent claims: 63, 64, 65

66. A system configured to share policy-based analysis, comprising:
a policy library configured to contain policy descriptions and policy element descriptions; and
a policy implementer catalog linked to the policy library, the policy implementer catalog containing protections for the policy elements described in the policy library.
Dependent claims: 67

68. A method for managing a collaborative development process, comprising:
providing a developer exchange Website;
registering a developer on the exchange Website; and
providing a policy implementer submission tool via the exchange Website.
Dependent claims: 69, 70

71. A developer exchange Website, comprising:
a registration module configured to register at least one of a policy implementer planner, a policy implementer describer, a policy implementer developer, and a policy implementer certifier;
a policy implementer submission module; and
a workflow module configured to manage the development of a policy implementer.
Dependent claims: 72, 73, 74, 75

76. A method for protection procurement, comprising:
viewing a list of policy implementers for a selected policy element; and
selecting for purchase at least one policy implementer from the list of policy implementers.
Dependent claims: 77, 78

79. A system configured to manage a procurement process, comprising:
a procurement module configured to present a list of policy implementers to a buyer, the procurement module further configured to receive from a buyer a selection of a policy implementer from the list of policy implementers;
a distribution module coupled to the procurement module, the distribution module configured to install the selected policy implementer.
Dependent claims: 80, 81, 82

83. A method for maintaining protection components, comprising:
providing an incentive program for developing a new policy implementer;
providing a rapid development process to produce the new policy implementer; and
distributing the new policy implementer to a target system.
Dependent claims: 84, 85, 86

87. A method for managing an assurance process, comprising:
for each component of a target system, automatically preparing a report of status, a level of protection, and a currency metric by policy element and by policy in response to a user request.

88. An assurance system, comprising:
a database configured to store at least one policy implementer association for each protected component of a protected system, the database further configured to store a description of each of the at least one policy implementer, the database further configured to associate each of the at least one policy implementer with a policy element; and
a report generation module coupled to the database, the report generation module configured to report a status, level of protection and currency in a format acceptable for at least one of policy management, enforcement, auditing and accreditation.
Dependent claims: 89

90. A method for improving a policy, comprising:
providing a community-based incentive program for improving the policy;
providing a policy description system providing a policy element description system;
providing a policy implementer requirement description system; and
providing community access to the policy description system and the policy element description system, and the policy implementer requirement description system.
Dependent claims: 91

92. A system configured to provide policy-based protection services to a customer, comprising:
a distribution engine;
an event manager coupled to the distribution engine; and
an interface to a customer system, the interface coupled to the distribution engine and the event manager, the distribution engine configured to distribute a framework component and a policy implementer component, the interface configured to collect data from the customer system, the event manager configured to store and aggregate the collected data.
Dependent claims: 93, 94, 95, 96, 97, 98, 99, 100

101. A method for implementing policy-based objectives in a target system, comprising:
distributing a first policy implementer in the target system; and
later distributing a second policy implementer in the target system.
Dependent claims: 102, 103, 104, 105

106. A method for alerting in a protection system, comprising:
receiving data indicating a breach of policy from at least one of a first target system, a first protection system, and a third-party; and
reporting the breach of policy according to a predetermined role-based responsibility associated with at least one of the first target system, a second target system, the first protection system, and a second protection system.

107. A method for alerting in a protection system, comprising:
receiving results from one of a certification review, an audit review, and an accreditation review; and
assigning the results according to a predetermined role-based responsibility associated with at least one of the target system, the protection system, and a developer community.
Dependent claims: 108

109. A method for policy-based certification of a system, comprising:
registering a certifier as a user on a Web site;
certifying a policy implementer to produce a certification report; and
accessing a certification submission tool from the Web site, the certification submission tool enabling the user to submit the certification report to a repository.

110. A method for providing policy-based protection, comprising:
receiving data;
categorizing the data to associate the data with one of a predetermined plurality of categories;
responding to the data based on the one of the predetermined plurality of categories, the data including at least one of event data and policy breach data; and
reporting based on the categorizing.
Dependent claims: 111
Specification