Method and System for Managing and Monitoring Continuous Improvement in Detection of Compliance Violations

US 20110307957A1
Filed: 06/15/2010
Published: 12/15/2011
Est. Priority Date: 06/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:

by a processing unit in the computer, collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises at least one of compliance data, prior compliance violation data, or personal data about an entity associated with the identity account;

determining a risk factor for the identity account based on the collected data;

calculating a risk score of the identity account based on the determined risk factor; and

auditing the identity account with a frequency according to the risk score assigned to the identity account.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method, data processing system, and computer program product is provided for using compliance violation risk data about an entity to enable an identity management system to dynamically adjust the frequency in which the identity management system performs a reconciliation and compliance check of an identity account associated with the entity. Data associated with an identity account is collected, wherein the data comprises at least one of compliance data, prior compliance violations, or personal data about an entity associated with the identity account. One or more risk factors for the identity account based on the collected data are determined. A risk score of the identity account is calculated based on the determined risk factors. The identity account is then audited with a frequency according to the risk score assigned to the identity account.

Citations

20 Claims

1. A method performed by a computer for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
- by a processing unit in the computer, collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises at least one of compliance data, prior compliance violation data, or personal data about an entity associated with the identity account;
  
  determining a risk factor for the identity account based on the collected data;
  
  calculating a risk score of the identity account based on the determined risk factor; and
  
  auditing the identity account with a frequency according to the risk score assigned to the identity account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - re-determining the risk factor at pre-defined time intervals;
      
      assigning a new risk score to the identity account based on the re-determined risk factor; and
      
      adjusting the frequency in which the identity account is audited according to the new risk score assigned to the identity account.
  - 3. The method of claim 1, wherein the personal data includes human resources data.
  - 4. The method of claim 1, wherein the personal data includes social media data.
  - 5. The method of claim 4, wherein the social media data comprises connections or links to other entities with known prior compliance violations.
  - 6. The method of claim 1, wherein compliance data comprises event data in W7 format.
  - 7. The method of claim 1, wherein the prior compliance violation data comprises dates on which violations of a policy are detected and a description of the violations.
  - 8. The method of claim 1, wherein calculating a risk factor for an identity account further comprises:
    - defining a set of risk profiles comprising risk criteria, data values, and risk factors associated with the data values;
      
      defining a risk score heuristic for calculating the risk score for a plurality of identity accounts, wherein the risk score heuristic comprises mathematical operators for combining the risk factors determined for each risk profile to calculate the risk score for each of the identity accounts; and
      
      defining a reconciliation schedule for performing an audit of the identity accounts based on risk score.
  - 9. The method of claim 1, wherein determining a risk factor for the identity account further comprises:
    - applying risk criteria in a set of defined risk profiles to the collected data to determine the risk factors applicable to the identity account.
  - 10. The method of claim 1, wherein calculating the risk score of the identity account comprises using a risk score heuristic comprising mathematical operators for combining the risk factors determined for each risk profile to calculate the risk score.
  - 11. The method of claim 1, wherein auditing the identity account with the frequency according to the risk score assigned to the identity account further comprises:
    - locating the risk score in a reconciliation schedule; and
      
      auditing the identity account with the frequency associated with the risk score in the reconciliation schedule.

12. A data processing system for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
- a bus;
  
  a storage device connected to the bus, wherein the storage device contains computer usable code; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code to collect data associated with an identity account in a plurality of identity accounts, wherein the data comprises at least one of compliance data, prior compliance violation data, or personal data about an entity associated with the identity account;
  
  determine a risk factor for the identity account based on the collected data;
  
  calculate a risk score of the identity account based on the determined risk factor; and
  
  audit the identity account with a frequency according to the risk score assigned to the identity account.

13. A computer program product for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
- a computer readable storage medium having computer readable program code stored thereon, the computer readable program code for execution by a computer, comprising;
  
  computer readable program code for collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises at least one of compliance data, prior compliance violation data, or personal data about an entity associated with the identity account;
  
  computer readable program code for determining a risk factor for the identity account based on the collected data;
  
  computer readable program code for calculating a risk score of the identity account based on the determined risk factor; and
  
  computer readable program code for auditing the identity account with a frequency according to the risk score assigned to the identity account.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer program product of claim 13, further comprising:
    - computer readable program code for re-determining the risk factor at pre-defined time intervals;
      
      computer readable program code for assigning a new risk score to the identity account based on the re-determined risk factor; and
      
      computer readable program code for adjusting the frequency in which the identity account is audited according to the new risk score assigned to the identity account.
  - 15. The computer program product of claim 13, wherein the personal data includes human resources data or social media data, wherein the social media data comprises connections or links to other entities with known prior compliance violations.
  - 16. The computer program product of claim 13, wherein compliance data comprises event data in W7 format.
  - 17. The computer program product of claim 13, wherein the computer readable program code for calculating risk factor for an identity account further comprises:
    - computer readable program code for defining a set of risk profiles comprising risk criteria, data values, and risk factors associated with the data values;
      
      computer readable program code for defining a risk score heuristic for calculating the risk score for a plurality of identity accounts, wherein the risk score heuristic comprises mathematical operators for combining the risk factors determined for each risk profile to calculate the risk score for each of the identity accounts; and
      
      computer readable program code for defining a reconciliation schedule for performing an audit of the identity accounts based on risk score.
  - 18. The computer program product of claim 13, wherein the computer readable program code for determining a risk factor for the identity account further comprises computer readable program code for applying risk criteria in a set of defined risk profiles to the collected data to determine the risk factors applicable to the identity account, wherein the computer readable program code for calculating the risk score of the identity account further comprises computer readable program code for using a risk score heuristic comprising mathematical operators for combining the risk factors determined for each risk profile to calculate the risk score, and wherein the computer readable program code for auditing the identity account with the frequency according to the risk score assigned to the identity account further comprises computer readable program code for locating the risk score in a reconciliation schedule and auditing the identity account with the frequency associated with the risk score in the reconciliation schedule.
  - 19. The computer program product of claim 13, wherein the computer readable program code is stored in a computer readable storage medium in a data processing system, and wherein the computer readable program code is downloaded over a network from a remote data processing system.
  - 20. The computer program product of claim 13, wherein the computer readable program code is stored in a computer readable storage medium in a server data processing system, and wherein the computer readable program code is downloaded over a network from a remote data processing system for use in a computer readable storage medium with the remote system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Doll, Dennis R., Hassoun, Bassam H., Matthiesen, Brian R., Barcelo, Fernando, Weise, Jedd, Young, John B.

Granted Patent

US 8,812,342 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/25
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/102   Entity profiles

H04W 12/67   Risk-dependent, e.g. select...

Method and System for Managing and Monitoring Continuous Improvement in Detection of Compliance Violations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Managing and Monitoring Continuous Improvement in Detection of Compliance Violations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links