METHOD AND SYSTEM FOR ANALYZING RISK

US 20150205954A1
Filed: 12/22/2014
Published: 07/23/2015
Est. Priority Date: 12/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method for measuring risk associated with a behavioural activity, the method comprising:

a) determining a first risk component associated with one or more persons involved in performing the activity;

b) determining a second risk component associated with sensitivity of one or more assets comprising data associated with the risk;

c) determining a third risk component associated with an endpoint which receives said one or more assets due to the activity;

d) determining a fourth risk component associated with a type of the activity; and

e) measuring the risk as a function of at least one of the first risk component, the second risk component, the third risk component, and the fourth risk component.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method, system and computer program product for analyzing risks, for example associated with potential data leakage. Risk for activities may be measured as a function of risk components related to: persons involved in the activity; sensitivity of data at risk; endpoint receiving data at risk; and type the activity. Risk may account for the probability of a leakage event given an activity as well as a risk cost which reflects the above risk components. Manually and/or automatically tuned parameters may be used to affect the risk calculation. Risk associated with persons and/or files may be obtained by: initializing risk scores of persons or files based on a rule set; adjusting the risk scores in response to ongoing monitoring of events; identifying commonalities across persons or files; and propagating risk scores based on the commonalities.

147 Citations

24 Claims

1. A method for measuring risk associated with a behavioural activity, the method comprising:
- a) determining a first risk component associated with one or more persons involved in performing the activity;
  
  b) determining a second risk component associated with sensitivity of one or more assets comprising data associated with the risk;
  
  c) determining a third risk component associated with an endpoint which receives said one or more assets due to the activity;
  
  d) determining a fourth risk component associated with a type of the activity; and
  
  e) measuring the risk as a function of at least one of the first risk component, the second risk component, the third risk component, and the fourth risk component.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising automatically tuning parameters of the function.
  - 3. The method of claim 2, wherein said parameters include one or more weighting factors each multiplying a respective one of the first risk component, the second risk component, the third risk component, and the fourth risk component.
  - 4. The method of claim 1, further comprising manually tuning parameters of the function.

5. A method for measuring risk associated with a behavioural activity, the method comprising:
- a) obtaining one or more probabilities, each probability associated with a respective potential undesired event and each probability being a conditional probability given the observed activity;
  
  b) optionally adjusting each of said probabilities by multiplication with a respective probability weighting factor;
  
  c) for each potential undesired event, obtaining one or more entity costs, each entity cost representative of a contribution to said risk associated with a given type of entity associated with the activity;
  
  d) for each potential undesired event, determining a resultant cost as a function of said entity costs; and
  
  e) measuring the risk as an expectation over the one or more resultant costs distributed over the associated probabilities of potential undesired events.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The method according to claim 5, wherein a single nonzero event risk value is determined and a single corresponding conditional probability of said event given the behaviour is obtained.
  - 7. The method according to claim 5, wherein each of the probability weighting factors are bounded between zero and one, inclusive.
  - 8. The method according to claim 5, wherein the probability weighting factor is associated with one or both of the behaviour and the event corresponding to the conditional probability being adjusted by multiplication with said probability weighting factor.
  - 9. The method according to claim 5, wherein the function of entity costs associated with said event is a weighted or unweighted average of entity costs associated with said event.
  - 10. The method according to claim 9, wherein the average of said entity costs is a weighted average, and wherein each weighting factor associated with the weighted average is bounded between zero and one, inclusive.
  - 11. The method according to claim 5, wherein said probability weighting factor is defined automatically, defined via user input, or a combination thereof.
  - 12. The method according to claim 5, wherein the given type of entity corresponds to a set of persons interacting with data to potentially be leaked, an asset comprising said data to potentially be leaked, and an endpoint to which said data to potentially be leaked is transferred.
  - 13. The method according to claim 5, wherein determining at least one of the entity costs comprises:
    - a) obtaining a set of entities of the given type of entity, each of said set of entities associated with the activity;
      
      b) obtaining a set of sub-costs, each sub-cost associated with a member of the set of entities;
      
      c) determining a weighted sum of the set of sub-costs.
  - 14. The method according to claim 13, wherein each sub-cost is weighted by a weighting factor equal to 2⁻
    - i, where i corresponds to the ordinal position of said sub-cost relative to the set of sub-costs when the set of sub-costs is sorted in order of descending value.

15. A method for measuring risk associated with data files within a population, the method comprising:
- a) initializing risk scores of the data files based on a rule set;
  
  b) adjusting the risk scores in response to ongoing interaction with the data files;
  
  c) identifying commonalities across data files; and
  
  d) at least partially propagating risk scores between data files based on said identified commonalities.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein adjusting the risk scores in response to ongoing interaction with the data files is based on operator input indicative of risk, events associated with interaction with said data files, or a combination thereof.
  - 17. The method of claim 16, wherein propagating risk scores between data files comprises propagating adjustments to the risk score from a first data file to a second data file bearing a similarity to the first data file.
  - 18. The method of claim 15, wherein propagating risk scores between data files is performed in response to data flow between data files.
  - 19. The method of claim 15, wherein initialized risk scores are based on one or more of:
    - file type, file location, file author, file owner, file user, filename patterns, document metadata, and keywords located in the file.
  - 20. The method of claim 15, further comprising adjusting the rule set based on adjustments to the risk scores as performed in at least some of (b) to (d).

21. A method for measuring risk associated with persons within a population, the method comprising:
- a) initializing risk scores of said persons based on a rule set;
  
  b) adjusting the risk scores in response to ongoing monitoring of events associated with activities of said persons;
  
  c) identifying commonalities across said persons within the population; and
  
  d) at least partially propagating risk scores between said persons based on said identified commonalities.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein adjusting the risk scores in response to ongoing interaction with the data files is based on operator input indicative of risk, events associated with interaction with said persons, or a combination thereof.
  - 23. The method of claim 21, wherein propagating risk scores between persons is performed in response to interactions between said persons.
  - 24. The method of claim 23, wherein propagating risk scores between persons comprises:
    - a) adjusting the risk score of an identified person based on operator input indicative of risk, events associated with activities of said person, or a combination thereof; and
      
      b) at least partially propagating the risk score associated with a first person to a second person in response to interaction between the first person and the second person.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Interset Software, Inc. (Open Text Corporation)
Original Assignee
FileTrek Inc. (Open Text Corporation)
Inventors
Jou, Stephan, Pilkington, Shaun

Granted Patent

US 9,830,450 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

METHOD AND SYSTEM FOR ANALYZING RISK

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR ANALYZING RISK

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links