Identifying security threats
Abstract
A method, system, and computer-readable medium are described for analyzing information to assist security personnel in identifying security threats. In some situations, various threat trend analyses are used to identify trends in various security-related information, and trend analysis information may then be presented to appropriate users (e.g., via displayed graphical charts). In a similar manner, in some situations various types of threat alerts are used to notify appropriate personnel when current conditions trigger the alert, such as in a real-time manner. In some situations, the trend analyses and alerts are selected for a user based on a current role of the user, and in some situations the information about a possible security threat is provided to various security personnel that are determined to be appropriate for the information, such as security personnel in affected geographical locations or that have capabilities related to preventing or addressing such threats.
41 Claims
1. (canceled)
2. A method in a computing system for identifying future terrorism threats based on analysis of terrorist activity information, the method comprising:
for each of multiple users, determining a current role of the user related to fighting terrorism;
selecting one or more terrorism threat trend analysis (TTTA) definitions and one or more terrorism threat alert definitions for the user based at least in part on the determined current role, each TTTA definition specifying a measurement criteria for one of multiple types of terrorist activities and specifying a length of time, and each terrorism threat alert definition specifying a threshold related to one of the multiple types of terrorist activities; and
repeatedly assisting the user in identifying future terrorism threats in an automated manner by, for each of the selected TTTA definitions, retrieving information about terrorist activities that occurred during a previous period of time of the length specified by the TTTA definition and that are of the type for the specified measurement criteria of the TTTA definition;
analyzing the retrieved terrorist activity information based on the measurement criteria specified by the TTTA definition in order to calculate activity threat values during the previous period of time and to detect a trend in the calculated activity threat values over the previous period of time;
generating a report that includes the calculated activity threat values in such a manner as to indicate the detected trend;
presenting the generated report to the user to enable the user to identify the detected trend in the determined activity threat values;
when the retrieved information is of the type for which one or more of the selected terrorism threat alert definitions has a specified threshold, determining for each of those selected terrorism threat alert definitions whether one or more of the calculated activity threat values exceed the threshold specified by the terrorism threat alert definition; and
when a threshold specified by a terrorism threat alert definition is exceeded, immediately notifying the user of that terrorism threat alert; and
after the detecting of a trend and/or the determining that a threshold of a terrorism threat alert definition is exceeded, determining appropriate security personnel to be notified of the detected trend and/or of the exceeded terrorism threat alert threshold and notifying those security personnel of the detected trend and/or of the exceeded terrorism threat alert threshold, so that users can identify future terrorism threats based on detected trends in terrorist activities and on thresholds for threat alerts that are exceeded;
wherein the terrorism threat alert definitions are each associated with one of the TTTA definitions in such a manner that the specified threshold for a terrorism threat alert definition corresponds to an amount of change in a detected trend of multiple calculated activity threat values from an analysis of terrorist activity information for the associated TTTA definition.
3. (canceled)
4. (canceled)
12. A computer-implemented method for identifying possible terrorism threats, the method comprising:
receiving information about terrorist activities that have occurred;
receiving an indication of a current user who has a specified current role related to fighting terrorism, the current role being one of multiple distinct roles that are each associated with threat analyses having associated criteria for analyzing terrorist activity information;
identifying based at least in part on the specified current role of the current user one or more threat analyses;
for each of the identified threat analyses, automatically analyzing the received terrorist activity information based on associated criteria for that threat analysis in order to determine whether the terrorist activities indicate a possible terrorism threat, the analyzing using the associated criteria for the threat analysis to measure one or more aspects of the terrorist activity information for each of multiple units of time and determining a trend in one or more of the measured aspects over a period of time that includes multiple of the time units; and
when the analyzing of the received terrorist activity information indicates a possible terrorism threat, providing to the current user information related to the possible terrorism threat;
automatically determining an appropriate user to notify of the possible terrorism threat based at least in part on a type of the possible terrorism threat and on a current role of that user; and
notifying the determined user of the possible terrorism threat.
19. (canceled)
20. (canceled)
27. (canceled)
32. A computer-readable medium whose contents cause a computing device to assist in identifying security threats, by performing a method comprising:
identifying one or more threat analyses for analyzing information about occurrences related to one or more security threats, the identified threat analyses selected based at least in part on a current role of a current user;
for each of the identified threat analyses, attempting to identify a security threat by analyzing the security threat occurrence information, the analyzing including measuring one or more aspects of the security threat occurrence information for each of multiple units of time and determining a trend in one or more of the measured aspects over a period of time that includes multiple of the time units; and
when the analyzing of the received security threat occurrence information identifies a security threat, notifying a user of the identified security threat who is selected as appropriate based at least in part on the identified security threat.
38. A computing device for assisting in identifying possible security threats, comprising:
a threat analyzer component that is capable of identifying a threat analysis that has an associated criteria for analyzing security threat occurrence information and of analyzing the security threat occurrence information based on the associated criteria in order to identify a possible security threat, the analyzing using the associated criteria for the threat analysis to determine a trend over a period of time in one or more aspects of the security threat occurrence information; and
a threat notifier component that is capable of notifying a user of an identified possible security threat, the user selected as appropriate for the identified possible security threat based at least in part on a current role of the user.
40. A computer system for assisting in identifying possible security threats, comprising:
means for identifying a threat analysis that has an associated criteria for analyzing security threat occurrence information and for analyzing the security threat occurrence information based on the associated criteria in order to identify a possible security threat, the analyzing using the associated criteria for the threat analysis to determine a trend over a period of time in one or more aspects of the security threat occurrence information; and
means for notifying a user of an identified possible security threat after the user is identified as appropriate for the identified possible security threat based at least in part on a current role of the user.
41. A computer-implemented method for identifying potential terrorist acts, the method comprising:
receiving information about terrorist activities that have occurred;
identifying one or more threat analyses that each have an associated criterion for analyzing the received terrorist activity information;
for each of the identified threat analyses, automatically analyzing the received terrorist activity information based on the associated criterion for that threat analysis in order to determine whether the terrorist activities indicate a potential terrorist act, the analyzing including determining a trend over a period of time in one or more aspects of the received terrorist activity information; and
when the analyzing of the received terrorist activity information indicates a potential terrorist act, identifying one or more individuals who will perform the potential terrorist act;
selecting one or more agents appropriate to directly prevent the potential terrorist act, the selecting based on a type of the potential terrorist act and on current roles of the agents that are related to preventing terrorist acts of that type; and
notifying the selected agents of the potential terrorist act and the identified individuals in order to directly prevent the potential terrorist act.
Specification