DYNAMIC ENTERPRISE SECURITY CONTROL BASED ON USER RISK FACTORS
First Claim
1. A computer-implemented method for dynamically setting enterprise-level security rules as a function of assessing risk factors associated with a user, the method comprising executing on a computer processor the steps of:
determining risk values for respective ones of a plurality of different attributes of a user, wherein the risk values each represent a likelihood of loss of secure data of an enterprise as a function of association of the respective ones of the plurality of different attributes of the user;
adding the risk values together to generate a risk factor for the user;
in response to determining that the risk factor meets at least one off-site access threshold value, applying security settings associated with the user and granting access, pursuant to the applied security settings, to the enterprise secure data by the user from an off-site location of the user that is not within a local network of the enterprise;
in response to determining that the risk factor does not meet the at least one off-site access threshold value, determining whether at least one additional security enhancement is applicable to the user and not enabled within the applied security settings; and
in response to determining that at least one additional security enhancement is applicable to the user and not within the applied security settings, iteratively selecting one of the at least one additional security enhancements that is applicable to the user and not enabled within the applied security settings, revising the security settings by enabling the selected security enhancement, and revising the risk factor by a risk abrogation value of the selected security enhancement, until:
granting access to the user, pursuant to the revised security settings, to the enterprise secure data from the off-site location, in response to determining that the revised risk factor meets the at least one off-site access threshold value;
or denying access to the user to the enterprise secure data from the off-site location, in response to determining that there is no additional at least one security enhancement applicable to the user and not enabled within the security settings.
Abstract
Aspects dynamically set enterprise-level security rules by assessing risk factors associated with a user. Risk values representing likelihoods of loss of enterprise secure data are determined for different attributes of a user, and added together to generate a user risk factor. If the risk factor does not meet one or more off-site access threshold value(s), additional security enhancements applicable to the user and not enabled within currently applied security are iteratively selected and used to revise the security settings, and the risk factor is revised by a risk abrogation value of each of the selected security enhancements, until either the revised risk factor meets the off-site access threshold value(s) (wherein access is granted to the secure data from the off-site location pursuant to the revised security settings), or until no additional applicable security enhancements are available (wherein user access to the secure data from the off-site location is denied).
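The procedure in the abstract is a small, deterministic loop, so it is worth seeing end to end. The following is an added worked example written for this page, not code from the patent or its assignee. It makes three assumptions the claims leave open: a lower risk factor means less risk (so "meets the threshold" is read as risk_factor <= threshold); candidate enhancements are tried largest abrogation value first; and applicability is modelled by the user's role. Attribute names, enhancement names, risk values, abrogation values and the threshold are all constructed for illustration.

```python
"""Worked example of the off-site access gate described in the abstract.

Added illustration, not code from the patent. Assumptions the claims leave
open: a LOWER risk factor means less risk, so "meets the threshold" is taken
as risk_factor <= threshold; enhancements are tried largest abrogation first;
applicability is modelled by user role. All sample values are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Enhancement:
    name: str
    abrogation: float                    # amount by which enabling it lowers the risk factor
    applies_to: frozenset = frozenset()  # roles it is applicable to; empty = every role

    def applicable(self, role: str) -> bool:
        return not self.applies_to or role in self.applies_to


@dataclass
class Decision:
    granted: bool
    risk_factor: float                             # final (possibly revised) risk factor
    settings: list = field(default_factory=list)   # enhancements enabled after revision


def risk_factor(attribute_risks: dict) -> float:
    """Sum the per-attribute risk values into one user risk factor."""
    return float(sum(attribute_risks.values()))


def evaluate_offsite_access(attribute_risks, threshold, enabled, catalog, role) -> Decision:
    rf = risk_factor(attribute_risks)
    settings = list(enabled)        # copy: the caller's baseline settings are not mutated
    if rf <= threshold:             # risk factor already meets the threshold: grant as-is
        return Decision(True, rf, settings)
    # Candidates: applicable to this user and not already enabled (greedy order is assumed).
    candidates = sorted(
        (e for e in catalog if e.applicable(role) and e.name not in settings),
        key=lambda e: e.abrogation, reverse=True)
    for e in candidates:            # iterate: enable one, abrogate the risk factor, re-test
        settings.append(e.name)
        rf -= e.abrogation
        if rf <= threshold:
            return Decision(True, rf, settings)
    return Decision(False, rf, settings)   # no applicable enhancement left: deny


# Constructed enhancement catalogue (names and values are illustrative only).
CATALOG = (
    Enhancement("mfa", 3.0),
    Enhancement("device_encryption", 2.0),
    Enhancement("vpn_required", 2.0),
    Enhancement("privileged_session_recording", 2.5, frozenset({"admin"})),
    Enhancement("dlp_agent", 1.5),
)
OFFSITE_THRESHOLD = 6.0   # constructed threshold on the same scale as the risk values


def admin_scenario() -> Decision:
    """Admin with VPN already enforced; two more enhancements bring 11.0 down to 5.5."""
    risks = {"travels_internationally": 3.0, "byod_device": 2.5,
             "admin_privileges": 4.0, "tenure_under_1y": 1.5}
    return evaluate_offsite_access(risks, OFFSITE_THRESHOLD, ["vpn_required"], CATALOG, "admin")


def contractor_scenario() -> Decision:
    """Contractor: every applicable enhancement enabled still leaves 7.0 > 6.0, so deny."""
    risks = {"admin_privileges": 4.0, "prior_incident": 6.0, "byod_device": 2.5}
    return evaluate_offsite_access(risks, OFFSITE_THRESHOLD, ["mfa"], CATALOG, "contractor")


if __name__ == "__main__":
    for d in (admin_scenario(), contractor_scenario()):
        print("GRANT" if d.granted else "DENY", d.risk_factor, d.settings)
```

Two details of the loop matter in practice. An enhancement already present in the applied settings is excluded from the candidate list, so its abrogation value is never counted twice, and the contractor case shows the denial branch: once the applicable catalogue is exhausted with the risk factor still above the threshold, access is refused rather than granted with whatever was enabled. The claims do not fix the order in which enhancements are tried; the largest-first order here is a choice that reaches the threshold with the fewest changes to the user's settings.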
20 Claims
1. (Claim 1 is reproduced in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A system, comprising:
a processor;
a computer readable memory in circuit communication with the processor; and
a computer readable storage medium in circuit communication with the processor;
wherein the processor executes program instructions stored on the computer-readable storage medium via the computer readable memory and thereby:
determines risk values for respective ones of a plurality of different attributes of a user, wherein the risk values each represent a likelihood of loss of secure data of an enterprise as a function of association of the respective one of the plurality of different attributes with the user;
adds the risk values together to generate a risk factor for the user;
in response to a determination that the risk factor meets at least one off-site access threshold value, applies security settings associated with the user and grants access, pursuant to the applied security settings, to the enterprise secure data by the user from an off-site location of the user that is not within a local network of the enterprise;
in response to a determination that the risk factor does not meet the at least one off-site access threshold value, determines whether at least one additional security enhancement is applicable to the user and not enabled within the applied security settings; and
in response to a determination that at least one additional security enhancement is applicable to the user and not within the applied security settings, iteratively selects one of the at least one additional security enhancements that is applicable to the user and not enabled within the applied security settings, revises the security settings by enabling the selected security enhancement, and revises the risk factor by a risk abrogation value of the selected security enhancement, until:
granting access to the user, pursuant to the revised security settings, to the enterprise secure data from the off-site location, in response to determining that the revised risk factor meets the at least one off-site access threshold value;
or denying access to the user to the enterprise secure data from the off-site location, in response to determining that there is no additional at least one security enhancement applicable to the user and not enabled within the security settings.
Dependent claims: 13, 14, 15, 16.
17. A computer program product for dynamically setting enterprise-level security rules as a function of assessing risk factors associated with a user, the computer program product comprising:
a computer readable storage device having computer readable program code embodied therewith, wherein the computer readable storage device is not a transitory signal per se, the computer readable program code comprising instructions for execution by a processor that cause the processor to:
determine risk values for respective ones of a plurality of different attributes of a user, wherein the risk values each represent a likelihood of loss of secure data of an enterprise as a function of association of the respective one of the plurality of different attributes with the user;
add the risk values together to generate a risk factor for the user;
in response to a determination that the risk factor meets at least one off-site access threshold value, apply security settings associated with the user and grant access, pursuant to the applied security settings, to the enterprise secure data by the user from an off-site location of the user that is not within a local network of the enterprise;
in response to a determination that the risk factor does not meet the at least one off-site access threshold value, determine whether at least one additional security enhancement is applicable to the user and not enabled within the applied security settings; and
in response to a determination that at least one additional security enhancement is applicable to the user and not within the applied security settings, iteratively select one of the at least one additional security enhancements that is applicable to the user and not enabled within the applied security settings, revise the security settings by enabling the selected security enhancement, and revise the risk factor by a risk abrogation value of the selected security enhancement, until:
granting access to the user, pursuant to the revised security settings, to the enterprise secure data from the off-site location, in response to determining that the revised risk factor meets the at least one off-site access threshold value;
or denying access to the user to the enterprise secure data from the off-site location, in response to determining that there is no additional at least one security enhancement applicable to the user and not enabled within the security settings.
Dependent claims: 18, 19, 20.