SYSTEMS AND METHODS FOR DETECTING INFORMATION LEAKAGE BY AN ORGANIZATIONAL INSIDER
Abstract
A computer-implemented method for detecting information leakage by an organizational insider may include (1) identifying a set of organizational insiders of an organization, (2) identifying a set of public forums used by one or more organizational insiders, (3) identifying a set of messages posted to one or more public forums, (4) creating a message record corresponding to each message, with the record including a message summary, and a set of message metadata fields, (5) consolidating message records with common metadata fields into a message summary record, and (6) identifying, based on the message summary record, an information leakage threat. Various other methods, systems, and computer-readable media are also disclosed.
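The six steps of the abstract as a small pipeline. This is an added example, not code from the patent: the metadata field names, the watch-term list and the "two or more messages" rule are assumptions, since the claims do not say how a threat is identified from the summary record.

```python
from dataclasses import dataclass, field

# Hypothetical watch list; all sample data below is constructed for illustration.
WATCH_TERMS = {"roadmap", "unreleased", "source code"}

@dataclass
class MessageRecord:
    summary: str      # message summary
    metadata: dict    # message metadata fields (author, forum, topic are assumed names)

@dataclass
class MessageSummaryRecord:
    key: tuple
    summaries: list = field(default_factory=list)
    forums: set = field(default_factory=set)

def make_record(msg):
    """Step 4: one record per message; the summary is a truncated, lowercased body."""
    meta = {k: msg[k] for k in ("author", "forum", "topic")}
    return MessageRecord(summary=msg["body"].lower()[:80], metadata=meta)

def consolidate(records, fields=("author", "topic")):
    """Step 5: merge records whose chosen metadata fields are equal."""
    merged = {}
    for r in records:
        key = tuple(r.metadata[f] for f in fields)
        s = merged.setdefault(key, MessageSummaryRecord(key))
        s.summaries.append(r.summary)
        s.forums.add(r.metadata["forum"])
    return list(merged.values())

def identify_threats(summary_records, min_messages=2):
    """Step 6 (assumed rule): repeated posts on one topic that mention a watch term."""
    threats = []
    for s in summary_records:
        hits = {t for t in WATCH_TERMS for text in s.summaries if t in text}
        if hits and len(s.summaries) >= min_messages:
            threats.append((s.key, sorted(hits), sorted(s.forums)))
    return threats

def run_pipeline(insiders, messages):
    """Steps 1-3 reduced to a filter: keep only messages posted by known insiders."""
    records = [make_record(m) for m in messages if m["author"] in insiders]
    return identify_threats(consolidate(records))

INSIDERS = {"alice_dev", "bob_ops"}
MESSAGES = [
    {"author": "alice_dev", "forum": "forum-a.example", "topic": "widget-x", "body": "Our unreleased Widget X ships in Q3"},
    {"author": "alice_dev", "forum": "forum-b.example", "topic": "widget-x", "body": "I can share the Widget X roadmap"},
    {"author": "bob_ops", "forum": "forum-a.example", "topic": "hiking", "body": "Great trail this weekend"},
    {"author": "outsider", "forum": "forum-a.example", "topic": "widget-x", "body": "Any unreleased roadmap news?"},
]
```

Consolidating on author and topic is what surfaces the pattern here: neither of the two insider posts crosses the threshold on its own, but the merged summary record spans two forums and two watch terms.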
20 Claims
1. A computer-implemented method for detecting information leakage by an organizational insider, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a set of organizational insiders of an organization;
- identifying a set of public forums used by at least one organizational insider in the set of organizational insiders;
- identifying a set of messages posted to at least one public forum in the set of public forums;
- creating a message record corresponding to each message in the set of messages, the message record comprising:
  - a message summary;
  - a set of message metadata fields;
- consolidating a plurality of message records into a message summary record according to the sets of metadata fields in the plurality of message records;
- identifying, based on the message summary record, an information leakage threat.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for detecting information leakage by an organizational insider, the system comprising:
- an insider identification module, stored in memory, that identifies a set of organizational insiders of an organization;
- a forum identification module that identifies a set of public forums used by at least one organizational insider in the set of organizational insiders;
- a message identification module that identifies a set of messages posted to at least one public forum in the set of public forums;
- a message record module, stored in memory, that creates a message record corresponding to each message in the set of messages, the message record comprising:
  - a message summary;
  - a set of message metadata fields;
- a consolidation module, stored in memory, that consolidates a plurality of message records into a message summary record according to the sets of metadata fields in the plurality of message records;
- a threat identification module that identifies, based on the message summary record, an information leakage threat;
- at least one processor configured to execute the insider identification module, the forum identification module, the message identification module, the message record module, the consolidation module, and the threat identification module.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A non-transitory computer-readable-storage medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a set of organizational insiders of an organization;
- identify a set of public forums used by at least one organizational insider in the set of organizational insiders;
- identify a set of messages posted to at least one public forum in the set of public forums;
- create a message record corresponding to each message in the set of messages, the message record comprising:
  - a message summary;
  - a set of message metadata fields;
- consolidate a plurality of message records into a message summary record according to the sets of metadata fields in the plurality of message records;
- identify, based on the message summary record, an information leakage threat.
Dependent claims: 20
Specification