Network Policy Management And Effectiveness System

US 20070261121A1
Filed: 05/02/2007
Published: 11/08/2007
Est. Priority Date: 06/25/1998
Status: Active Grant

First Claim

Patent Images

1. A method for maintaining network policy compliance on a network comprising the steps of:

monitoring network user compliance with a network security policy from a plurality of network security policies stored in a database;

evaluating compliance with the network security policy based on the network user compliance;

automatically undertaking a network policy compliance action, the network policy compliance action being generated in response to the evaluation of compliance with the network security policy;

automatically analyzing the undertaking of a network policy compliance action to identify ineffectual policies; and

automatically implementing a different network security policy based on the identification of an ineffectual policy.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The Present Invention discloses a method and apparatus for maintaining policy compliance on a computer network. A system in accordance with the principles of the Present Invention performs the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance and electronically undertaking a network policy compliance action in response to network security policy non-compliance. The network policy compliance actions may include automatically implementing a different network security policy selected from network security policies stored in the database, generating policy effectiveness reports and providing a retraining module to network users.

68 Citations

View as Search Results

20 Claims

1. A method for maintaining network policy compliance on a network comprising the steps of:
- monitoring network user compliance with a network security policy from a plurality of network security policies stored in a database;
  
  evaluating compliance with the network security policy based on the network user compliance;
  
  automatically undertaking a network policy compliance action, the network policy compliance action being generated in response to the evaluation of compliance with the network security policy;
  
  automatically analyzing the undertaking of a network policy compliance action to identify ineffectual policies; and
  
  automatically implementing a different network security policy based on the identification of an ineffectual policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15)
- - 2. The method of claim 1, further comprising the step of confirming the different network security policy upon implementation.
  - 3. The method of claim 2, wherein the evaluation step comprises the steps of:
    - generating a network security policy compliance value based on the step of monitoring network user compliance with a network security policy; and
      
      comparing the network security compliance value to a target network security compliance value, the target network security compliance value defining a baseline for network security policy compliance;
      
      wherein the step of monitoring network user compliance with a network security policy is performed for a plurality of network users.
  - 4. The method of claim 3, wherein the undertaking step is based on a difference between the compliance value and the target compliance value.
  - 5. The method of claim 4, wherein the undertaking step comprises the steps of:
    - implementing one of the network security policies selected from the plurality of network security policies stored in the database;
      
      confirming the change of network security policies; and
      
      generating at least one policy effectiveness report.
  - 6. The method of claim 5, wherein each network security policy comprises an associated security level identifier, each security level identifier identifying the relative restrictiveness of the associated network security policy.
  - 7. The method of claim 6, wherein the implementation step comprises the step of selecting a network security policy based on the associated security level identifier.
  - 8. The method of claim 1, further comprising the step of undertaking a user compliance action, the user compliance action being generated in response to the monitored network user compliance.
  - 9. The method of claim 8, wherein the evaluation step comprises the steps of:
    - generating a network security policy compliance value based on the step of monitoring network user compliance with a network security policy; and
      
      comparing the network security compliance value to a target network security compliance value, the target network security compliance value defining a baseline for network security policy compliance;
      
      wherein the step of monitoring network user compliance with a network security policy is performed for a plurality of network users.
  - 10. The method of claim 9, wherein the undertaking step is based on a difference between the compliance value and the target compliance value.
  - 11. The method of claim 10, wherein the user compliance action is generated by the following steps:
    - automatically selecting one of a plurality of compliance actions, each of the compliance actions being based on a difference between the compliance value and the target compliance value;
      
      notifying a network user; and
      
      notifying a system administrator.
  - 12. The method of claim 1, further comprising the step of interactively generating a network security policy.
  - 14. The method of claim 1, wherein the step of monitoring further comprises the steps of:
    - providing a network policy exam to one of a plurality of network users;
      
      electronically receiving answers to the network policy exam from the one of the plurality of network users;
      
      electronically evaluating the answers to the network policy exam to generate an evaluation score;
      
      notifying the one of the plurality of network users of the evaluation score; and
      
      storing the evaluation score in a database.
  - 15. The method of claim 1, wherein the network security policy comprises:
    - a network hardware policy;
      
      an email policy;
      
      an internet policy;
      
      a software license policy;
      
      a document management system policy; and
      
      a network security enforcement policy.

13. The method of Claim Error! Reference source not found., wherein the step of interactively generating a network security policy comprising the steps of:
- providing a suggested network security policy to a plurality of network users;
  
  receiving at least one modified network security policy from at least one of the network users;
  
  providing at least one of the modified network security policies to the plurality of network users; and
  
  receiving a group modified network security policy from the plurality of network users.

16. An apparatus for maintaining policy compliance on a computer network comprising a computer system comprising at least one processor and at least one memory.
- View Dependent Claims (17, 18)
- - 17. The apparatus of claim 16, wherein the computer system is adapted and arranged for:
    - monitoring network user compliance with a network security policy from a plurality of network security policies stored in a database;
      
      evaluating compliance with the network security policy based on the network user compliance;
      
      automatically undertaking a network policy compliance action, the network policy compliance action being generated in response to the evaluation of compliance with the network security policy;
      
      automatically analyzing the undertaking of a network policy compliance action to identify ineffectual policies; and
      
      automatically implementing a different network security policy based on the identification of an ineffectual policy.
  - 18. The method of claim 17, further comprising the step of confirming the different network security policy upon implementation.

19. An article of manufacture for maintaining policy compliance on a computer network, the article of manufacture comprising a computer-readable storage medium having a computer program embodied therein that causes the computer network to perform the steps of:
- monitoring network user compliance with a network security policy from a plurality of network security policies stored in a database;
  
  evaluating compliance with the network security policy based on the network user compliance;
  
  automatically undertaking a network policy compliance action, the network policy compliance action being generated in response to the evaluation of compliance with the network security policy;
  
  automatically analyzing the undertaking of a network policy compliance action to identify ineffectual policies; and
  
  automatically implementing a different network security policy based on the identification of an ineffectual policy.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising the step of confirming the different network security policy upon implementation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Longhorn HD LLC (Alpha Alpha Intellectual Partners LLC)
Original Assignee
Yaszistra Fund III LLC (Intellectual Ventures LLC)
Inventors
Jacobson, Andrea

Granted Patent

US 7,917,938 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 9/40   Network security protocols

Network Policy Management And Effectiveness System

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network Policy Management And Effectiveness System

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links