Method and System for Generating Data for Security Assessment
First Claim
1. A security assessment data generation method of generating an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting indicating a composite error of security settings in an assessment object system, the method comprising the steps of:
- collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of the assessment object system;
receiving attribute information that is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user;
generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path of data with respect to an improper data migration path; and
generating an assessment policy describing the improper data migration path based on said access policy, said system configuration information and said attribute information.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for creating data to be inputted to a security assessment system is provided with: a system configuration information collection unit for collecting system configuration information from an assessment object system; an attribute information input unit for receiving attribute information added to the system configuration information; an access policy generation unit for generating an access policy using the attribute information; and an assessment policy generation unit for generating an assessment policy representing an improper data migration path based on the access policy, the system configuration information and the attribute information.
50 Citations
20 Claims
-
1. A security assessment data generation method of generating an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting indicating a composite error of security settings in an assessment object system, the method comprising the steps of:
-
collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of the assessment object system; receiving attribute information that is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user; generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path of data with respect to an improper data migration path; and generating an assessment policy describing the improper data migration path based on said access policy, said system configuration information and said attribute information. - View Dependent Claims (2)
-
-
3. A security assessment data generation system for generating an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting that indicates a composite error of security settings in an assessment object system, the system comprising:
-
system configuration information collection means for collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of said assessment object system; attribute information inputting means for receiving input of attribute information which is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user; access policy generation means for generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path of data with respect to an improper data migration path; and assessment policy generation means for generating an assessment policy representing an improper data migration path based on said access policy generated by said access policy generation means, said system configuration information and said attribute information. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 16, 17, 18, 19, 20)
-
-
12. A security assessment data generation program to be installed in a computer that generates an assessment policy that is data to be inputted to a security assessment system that assesses a presence or absence of an improper setting indicating a composite error of security settings in an assessment object system, the program causing said computer to execute processing for:
-
collecting system configuration information including information regarding at least one of or a combination of a network, an application, a file, a service and a user of the assessment object system; receiving attribute information that is added to said system configuration information and which indicates contents of attributes of at least one of or a combination of the network, the application, the file, the service and the user; generating, using said attribute information, an access policy that includes information regarding at least one of or a combination of a migration source, a migration destination and a migration path with respect to an improper data migration path; and generating an assessment policy describing the improper data migration path based on said access policy, said system configuration information and said attribute information. - View Dependent Claims (13)
-
Specification