Integrated, Rules-Based Security Compliance And Gateway System
Abstract
Processes which enable regulated enterprises to efficiently manage regulatory compliance of computer networks and their users. One computer-implemented process involves providing a query database having information representing a plurality of queries, each query being associated in the query database with one or more of a plurality of specific industry regulations; receiving a selection of one or more of the plurality of specific industry regulations and displaying one or more of the queries associated with the selected industry regulations to a user of a computer network under the control of a regulated enterprise; receiving and storing one or more answers provided by the user to the one or more queries displayed; providing a report-writing database having information indicative of one or more statements, each of the statements being associated in the report-writing database with at least one answer provided by the user to at least one query displayed to the user; and generating from the report-writing database a compliance report with one or more of the statements associated with the stored answers.
13 Claims
1. A process comprising
providing a query database comprised of information representing a plurality of queries, each query being associated in the query database with one or more of a plurality of specific industry regulations;
receiving a selection of one or more of the plurality of specific industry regulations and displaying one or more of the queries associated with the selected industry regulations to a user of a computer network under the control of a regulated enterprise;
receiving and storing one or more answers provided by the user to the one or more queries displayed;
providing a report-writing database comprised of information indicative of one or more statements, each of the statements being associated in the report-writing database with at least one answer provided by the user to at least one query displayed to the user; and
generating from the report-writing database a compliance report comprised of one or more of the statements associated with the stored answers.
7. A process comprising
providing a network and data security policy database for receiving and storing data comprised of organization-specific policy data;
distributing over an electronic network all or some of the policy data in the policy database to one or more authorized users of the electronic network in such a way so as to track the reading and understanding of that which is distributed to the one or more authorized users;
distributing all or some of the policy data in the policy database to one or more computer assets in operative connection with the electronic network;
detecting the computer assets on the electronic network to thereby build an inventory of those computer assets and their particular configurations, respectively;
monitoring the computer assets and the authorized users to test compliance with the distributed policy data; and
restricting or prohibiting connection to or use of the electronic network by those computer assets and authorized users who are not in compliance with the distributed policy data.
8. A process comprising validating a computer which is attempting to log on to an electronic network by receiving an identified MAC address and a hard drive ID number of the computer, and comparing the identified MAC address and the hard drive ID number of the computer attempting to log on with a database of MAC addresses and hard drive ID numbers for known and authorized computer hardware.
Specification