METHOD OF INTEGRATING A SECURITY OPERATIONS POLICY INTO A THREAT MANAGEMENT VECTOR
First Claim
1. A method of integrating a security operations policy into a threat management vector, the method comprising:
- receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC);
propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC;
refining at least one of the IDC, the IRC, or the VRC to conform to a security operations policy of the PMR; and
forwarding the refined TMV to a threat management domain controller (TMDC).
2 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to the integration of a security operations policy into a threat management vector. In one embodiment, a method according to the invention includes receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC); forwarding to the TMDC a TMV including only the root vulnerability vector, the at least one system vector, and the at least one system level vector; propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC; refining at least one of the IDC, the IRC, and the VRC to conform to a security operations policy of the PMR; forwarding the refined TMV to a threat management domain controller (TMDC); recording refinements made by each PMR to each of the IDC, the IRC, and the VRC; transferring the recorded refinements to a threat management control book (TMCB); and marking the refined TMV as having been refined by each PMR making a refinement.
35 Citations
8 Claims
-
1. A method of integrating a security operations policy into a threat management vector, the method comprising:
-
receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC); propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC; refining at least one of the IDC, the IRC, or the VRC to conform to a security operations policy of the PMR; and forwarding the refined TMV to a threat management domain controller (TMDC). - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of supplying a computer system with a threat management vector, the method comprising:
-
registering a computer system with a first threat management domain controller (TMDC); and in the case that the computer system was previously registered with a second TMDC; reporting to the first TMDC all threat management vector generation numbers (TMVGNs) received from the second TMDC; propagating each TMVGN upward through a policy mediation region (PMR) hierarchy; decomposing each TMVGN until an original source TMV is obtained; regenerating a refined TMV from the original source TMV by propagating the TMV downward through the PMR hierarchy; and forwarding the refined TMV to the first TMDC.
-
-
8. A program product stored on a computer-readable medium, which when executed, integrates a security operations policy into a threat management vector, the program product comprising:
-
program code for receiving at least one threat management vector (TMV) from a TMV generator, the TMV including a root vulnerability vector, at least one system vector, at least one system level vector, and a countermeasures payload including intrusion detection countermeasures (IDC), intrusion response countermeasures (IRC), and vulnerability remediation countermeasures (VRC); program code for propagating the TMV through a hierarchy of policy mediation regions (PMRs), each PMR being operable to refine at least one of the IDC, the IRC, and the VRC; program code for refining at least one of the IDC, the IRC, and the VRC to conform to a security operations policy of the PMR; and program code for forwarding the refined TMV to a threat management domain controller (TMDC).
-
Specification