METHOD AND DEVICE FOR MANAGING SECURITY EVENTS
Abstract
A method and device for managing security events includes establishing a security event manager on a mobile computing device. The security event manager may be embodied as software and/or hardware components. The security event manager receives security event data from a plurality of security event sources of the mobile computing device and correlates the security event data based on a security policy to determine whether a security event has occurred. The security event manager responds to the security event based on the security policy.
24 Claims
1. A method comprising:
establishing a security event manager on a mobile computing device;
retrieving security policy data with the security event manager, the security policy data defining a set of security event rules for determining the occurrence of a security event;
receiving security event data with the security event manager, the security event data being generated from at least one security event source of the mobile computing device;
determining an occurrence of a security event with the security event manager based on the security event data and the security policy data; and
responding to the security event with the security event manager.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A mobile computing device comprising:
a security event manager;
a processor; and
a memory device having stored therein a plurality of instructions, which when executed by the processor, cause the security event manager to:
receive security event data generated from a plurality of security event sources of the mobile computing device;
correlate the security event data based on a security policy to determine an occurrence of a security event, the security policy being stored on the mobile computing device and defining a set of security event rules for determining the occurrence of a security event; and
respond to the security event based on the security policy.
Dependent claims: 17, 18, 19, 20, 21

22. A tangible, machine readable medium comprising a plurality of instructions, that in response to being executed, result in a computing device:
establishing a security event manager;
receiving security event data with the security event manager, the security event data being generated from a plurality of security event sources of the computing device;
normalizing the security event data, using the security event manager, to generate normalized security event data, the normalized security event data having a predetermined data format;
aggregating the normalized security event data, using the security event manager, to generate aggregated security event data, the aggregated security event data summarizing the normalized security event data; and
correlating the aggregated security event data based on a predetermined security policy, using the security event manager, to determine whether a security event has occurred.
Dependent claims: 23, 24

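The normalize, aggregate and correlate steps of claim 22, sketched as an added example that is not code from the patent. The three source formats, the policy layout, the rule and the `lock_device` response name are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed raw events from three hypothetical sources, each in its own format.
RAW_EVENTS = [
    ("auth", "1700000000 LOGIN_FAIL user=alice"),
    ("auth", "1700000005 LOGIN_FAIL user=alice"),
    ("auth", "1700000009 LOGIN_FAIL user=alice"),
    ("net", {"time": 1700000012, "event": "ssid_change", "ssid": "FreeWiFi"}),
    ("sensor", (1700000300, "gps", "location_update")),
]

# Hypothetical policy: each rule lists minimum counts per event type in one window.
POLICY = {
    "window_seconds": 60,
    "rules": [
        {"name": "bruteforce_on_untrusted_net",
         "requires": {"login_fail": 3, "ssid_change": 1},
         "response": "lock_device"},
    ],
}

def normalize(source, raw):
    """Map a source-specific record to one predetermined format."""
    if source == "auth":
        ts, kind, _ = raw.split(" ", 2)
        return {"ts": int(ts), "source": source, "type": kind.lower()}
    if source == "net":
        return {"ts": raw["time"], "source": source, "type": raw["event"]}
    if source == "sensor":
        return {"ts": raw[0], "source": source, "type": raw[2]}
    raise ValueError(f"unknown source: {source}")

def aggregate(events, window):
    """Summarize normalized events as per-window counts of each event type."""
    buckets = {}
    for e in events:
        buckets.setdefault(e["ts"] // window, Counter())[e["type"]] += 1
    return buckets

def correlate(buckets, policy):
    """Return (window, rule name, response) for every rule satisfied in a window."""
    hits = []
    for win, counts in sorted(buckets.items()):
        for rule in policy["rules"]:
            if all(counts[t] >= n for t, n in rule["requires"].items()):
                hits.append((win, rule["name"], rule["response"]))
    return hits

def run(raw_events=RAW_EVENTS, policy=POLICY):
    normalized = [normalize(s, r) for s, r in raw_events]
    return correlate(aggregate(normalized, policy["window_seconds"]), policy)
```

Fixed windows split a burst that straddles a boundary, so a rule can be missed there; a sliding window avoids that at the cost of keeping per-event timestamps.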
Specification