SYSTEM AND METHOD FOR USER ACCESS RISK SCORING

US 20080288330A1
Filed: 05/14/2008
Published: 11/20/2008
Est. Priority Date: 05/14/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for measuring access risk associated with an enterprise having at least one resource accessible by at least one user with at least one entitlement to access the resource, the method comprising:

identifying the resources;

identifying the users of the resources;

identifying the entitlements associated with each of the users;

associating an access risk score with each of the entitlements; and

for each user, combining the access risk scores associated with the user to form a composite access risk score; and

outputting the composite access risk scores for each of the users.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for measuring access risk associated with an enterprise having at least one resource accessible by at least one user with at least one entitlement to access the resource. Some embodiments implement a method of identifying the resources, users, and entitlements and associating access risk scores with the entitlements. The method can include combining the access risk scores associated with each user to form composite access risks scores and outputting the composite access risk scores. In some embodiments, the user with the highest composite access risk score can be identified and remedial action taken. The highest access risk user of some embodiments may be a department, a division, a subsidiary, or an organization. The method can occur in real time and an administrator can be alerted to changes in entitlements. Access risk scores can be adjusted for compensating controls and personal factors and attributes of the users.

Citations

20 Claims

1. A method for measuring access risk associated with an enterprise having at least one resource accessible by at least one user with at least one entitlement to access the resource, the method comprising:
- identifying the resources;
  
  identifying the users of the resources;
  
  identifying the entitlements associated with each of the users;
  
  associating an access risk score with each of the entitlements; and
  
  for each user, combining the access risk scores associated with the user to form a composite access risk score; and
  
  outputting the composite access risk scores for each of the users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising using the composite access risk scores to identify the user with a highest access risk score.
  - 3. The method of claim 2 wherein the highest access risk user is selected from a group consisting of a department, a division, a subsidiary, and an organization.
  - 4. The method of claim 2 further comprising taking a remedial action with respect to the highest access risk user.
  - 5. The method of claim 1 wherein the identifying the entitlements and the combining the access risk scores occurs in real time wherein a system administrator is alerted to a change in the entitlements.
  - 6. The method of claim 1 further comprising adjusting at least one access risk score based on a compensating factor.
  - 7. The method of claim 1 further comprising adjusting at least one access risk score based on a compensating control on at least one entitlement.
  - 8. The method of claim 1 further comprising adjusting at least one combined access risk score associated with a user based on a combination of personal factors.
  - 9. The method of claim 8 wherein the personal access risk factors including one or more of geographic location, weather, demographic characteristics of the user, behavior, personal history, a previous entitlement the user had, a previous role the user had, or an entitlement that has been disassociated with the user and that recurs.

10. An enterprise system comprising:
- at least one resource with access points for at least one user;
  
  a processor in communication with the resources;
  
  an output in communication with the processor; and
  
  a machine readable memory in communication with the processor and for storing instructions which when executed cause the machine to;
  
  identify the resources;
  
  identify the users of the resources;
  
  identify the entitlements associated with each of the users;
  
  associate an access risk score with each of the entitlements; and
  
  for each user, combine the access risk scores associated with the user to form a composite access risk score; and
  
  output the composite access risk scores for each of the users at the output.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10 wherein the instructions further cause the machine to use the composite access risk scores to identify the user with a highest access risk score.
  - 12. The system of claim 11 wherein the highest access risk user is selected from a group consisting of a department, a division, a subsidiary, and an organization.
  - 13. The system of claim 11 wherein the instructions further cause the machine to alert a system administrator to take a remedial action with respect to the highest access risk user.
  - 14. The system of claim 10 wherein the identification of the entitlements and the combining of the access risk scores occurs in real time wherein a system administrator is alerted to a change in the entitlements.
  - 15. The system of claim 10 wherein the instructions further cause the machine to adjust at least one access risk score based on a compensating factor.
  - 16. The system of claim 10 wherein the instructions further cause the machine to adjust at least one access risk score based on a compensating control on at least one entitlement.
  - 17. The system of claim 10 wherein the instructions further cause the machine to adjust at least one combined access risk score associated with a user based on a combination of personal factors.
  - 18. The system of claim 17 wherein the personal access risk factors including one or more of geographic location, weather, demographic characteristics of the user, behavior, personal history, a previous entitlement the user had, a previous role the user had, or an entitlement that has been disassociated with the user and that recurs.

19. A computer readable medium carrying machine readable instructions which when executed cause the machine to:
- identify the resources of an enterprise;
  
  identify the users of the resources;
  
  identify the entitlements associated with each of the users;
  
  associate an access risk score with each of the entitlements; and
  
  for each user, combine the access risk scores associated with the user to form a composite access risk score; and
  
  output the composite access risk scores for each of the users at an output of one of the systems.
- View Dependent Claims (20)
- - 20. The computer readable medium of claim 19 wherein the instructions are further executable to cause the machine to alert a system administrator to a change in the entitlements, the highest access risk user, or both in real time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SailPoint Technologies, Inc. (SailPoint Technologies Holdings, Inc.)
Original Assignee
SailPoint Technologies, Inc. (SailPoint Technologies Holdings, Inc.)
Inventors
Hildebrand, David, Rolls, Darran

Application Number

US12/120,502
Publication Number

US 20080288330A1
Time in Patent Office

Days
Field of Search
US Class Current

705/10
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/06398   Performance of employee wit...

SYSTEM AND METHOD FOR USER ACCESS RISK SCORING

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR USER ACCESS RISK SCORING

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links