Method and System for Creating a Record for One or More Computer Security Incidents
Abstract
A security management system can log, investigate, respond, and track computer security incidents that can occur in a networked computer system. In other words, the security management system can produce a security record of information related to the tracking of suspicious computer activity or actual computer security threats, such as denial of service attacks or other similar compromises to computers or computer networks. The security record can include, but is not limited to, dates and times of computer security incidents, a name for a particular security incident, a security management system user, and a potential source of the computer security incident. The security record can be designed as a running log that saves or records all activity of a computer incident source as well as the activity of the security team responding to the computer incident source. To produce the security record, all data that relates to a computer incident and all data that relates to a computer incident response can be sent to a separate protected database, where data is protected by digital signature algorithms (DSAs).
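The running, tamper-evident record described in the abstract can be sketched as follows. This is an added example, not code from the patent: it chains each entry to the previous one and authenticates it with HMAC-SHA256 from the Python standard library as a stand-in for the digital signature algorithm the abstract names. The `PROCEDURES` table, the class and function names, the key, and the sample incident are all constructed for illustration.

```python
import hashlib, hmac, json

# Hypothetical classification -> {procedure: [steps]} table (constructed sample data).
PROCEDURES = {"denial_of_service": {
    "investigate-source": ["whois lookup", "traceroute to source"],
    "contain": ["rate-limit source", "notify upstream provider"]}}

class IncidentRecord:
    """Running log: every entry is chained to its predecessor and authenticated."""
    def __init__(self, key):
        self._key, self.entries = key, []

    def _tag(self, body):
        # Canonical JSON so the same fields always produce the same bytes.
        data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def append(self, when, user, incident, source, activity, result=None):
        prev = self.entries[-1]["tag"] if self.entries else "0" * 64
        body = {"seq": len(self.entries), "when": when, "user": user,
                "incident": incident, "source": source,
                "activity": activity, "result": result, "prev": prev}
        self.entries.append(dict(body, tag=self._tag(body)))

    def verify(self):
        """Return the index of the first altered entry, or -1 if intact."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "tag"}
            ok = (body["seq"] == i and body["prev"] == prev
                  and hmac.compare_digest(e["tag"], self._tag(body)))
            if not ok:
                return i
            prev = e["tag"]
        return -1

def respond(record, when, user, incident, source, classification, procedure, run):
    """Log the incident, then each step of the chosen procedure with its result."""
    record.append(when, user, incident, source, "incident: " + classification)
    for step in PROCEDURES[classification][procedure]:
        record.append(when, user, incident, source, step, run(step))

def demo():
    rec = IncidentRecord(b"constructed-demo-key")  # assumption: real key is kept off the log host
    respond(rec, "2024-01-01T00:00:00Z", "analyst1", "INC-1", "192.0.2.10",
            "denial_of_service", "investigate-source", lambda s: "done: " + s)
    return rec
```

The chain detects edits, reordering and deletion of earlier entries; detecting removal of the newest entries additionally requires storing the latest tag somewhere outside the log.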
85 Claims
1-65. (canceled)
66. A computer program product for creating a permanent record of one or more computer security incidents, said computer program product comprising:
a computer readable medium;
first program instructions to record computer security incident information and a respective date stamp or time stamp, the computer security incident information indicating one of suspicious computer activity comprising one or more attacks received from a network computer that occur prior to a computer security threat and an actual computer security threat;
second program instructions to automatically identify one or more computer security threat procedures corresponding to a classification of the computer security incident information, each of said computer security threat procedures comprising one or more steps for one of investigating and responding to the computer security incident information;
third program instructions to generate a display of said one or more computer security threat procedures;
fourth program instructions to receive a selection from a user of one of said computer security threat procedures and one or more steps of the selected computer security threat procedure; and
fifth program instructions to generate and output a permanent, unmodifiable record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security threat procedure, an identity of the user who selected the computer security threat procedure, and the date stamp and time stamp for the computer security incident information; and
wherein said first, second, third, fourth and fifth program instructions are stored on said medium.
Dependent claims: 67, 68, 69, 70, 71, 72, 73
74. A computer program product for creating a permanent record of one or more computer security incidents, said computer program product comprising:
a computer readable medium;
first program instructions to record computer security incident information and a respective date stamp or time stamp, the computer security incident information indicating one of suspicious computer activity comprising one or more attacks received from a network computer that occur prior to a computer security threat and an actual computer security threat;
second program instructions to automatically identify one or more computer security threat procedures corresponding to a classification of the computer security incident information, each of said computer security threat procedures comprising one or more steps for one of investigating and responding to the computer security incident information;
third program instructions to generate a display of said one or more computer security threat procedures;
fourth program instructions to receive a selection from a user of one of said computer security threat procedures and one or more steps of the selected computer security threat procedure;
fifth program instructions to identify an appropriate computer to execute a step in the selected computer security threat procedure; and
sixth program instructions to generate and output a permanent, unmodifiable record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security threat procedure, an identity of the user who selected the computer security threat procedure, and the date stamp and time stamp for the computer security incident information; and
wherein said first, second, third, fourth, fifth, and sixth program instructions are stored on said medium.
Dependent claims: 75, 76, 77, 78, 79, 80
81. A computer program product for creating a permanent record of one or more computer security incidents, said computer program product comprising:
a computer readable medium;
first program instructions to record computer security incident information and a respective date stamp or time stamp, the computer security incident information indicating one of suspicious computer activity comprising one or more attacks received from a network computer that occur prior to a computer security threat and an actual computer security threat;
second program instructions to automatically identify one or more computer security threat procedures corresponding to a classification of the computer security incident information, each of said computer security threat procedures comprising one or more steps for one of investigating and responding to the computer security incident information;
third program instructions to generate a display of said one or more computer security threat procedures;
fourth program instructions to automatically select a computer security threat procedure and execute one or more steps of the selected computer security threat procedure;
fifth program instructions to generate and output a permanent, unmodifiable record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security threat procedure, and the date stamp and time stamp for the computer security incident information; and
wherein said first, second, third, fourth and fifth program instructions are stored on said medium.
Dependent claims: 82, 83, 84, 85