Network policy management and effectiveness system
Abstract
A method, apparatus, and article of manufacture for maintaining policy compliance on a computer network is provided. The method provides the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance, and electronically undertaking a network policy compliance action in response to network security policy compliance.
12 Claims
1. A method for dynamically assisting a system administrator of a computer network in upgrading compliance policy based on behavior of system users, the method comprising the steps of:
storing in a database a plurality of compliance policy options;
developing an initial compliance policy option potentially applicable to network users;
automatically evaluating over time the appropriateness of the initial compliance policy option based on the potentially evolving compliance history of users;
automatically compiling and providing to the system administrator over time a dynamic knowledge base comprising automated network user policy compliance violation documentation;
automatically determining from the knowledge base policy compliance violation documentation that the initial compliance policy option is ineffective;
automatically selecting from the database and recommending to the system administrator an alternate compliance policy option; and
automatically requesting that the system administrator confirm the change to the alternate compliance policy option, whereby compliance policy options are dynamically altered and provided to the system administrator in order to eliminate ineffective compliance policy options.
electronically generating a network security policy compliance value based on monitoring network user compliance for a plurality of network users;
electronically comparing the compliance value to a target compliance value, wherein the target compliance value defines a baseline for network security compliance; and
undertaking a network policy compliance action based on a difference between the compliance value and the target compliance value.
3. The method of claim 2, wherein the compliance option is selected from a group comprising:
electronically implementing a different network security policy selected from network security policies stored in the database;
generating at least one policy effectiveness report; and
providing a retraining module to network users.
4. The method of claim 1, further comprising the step of electronically undertaking a user compliance action in response to evaluating network users' compliance with a network security policy.
5. The method of claim 4, wherein the evaluating step comprises the steps of:
generating a network security policy compliance value based on monitoring network user compliance; and
comparing the compliance value to a target compliance value, wherein the target compliance value defines a baseline for network security policy compliance; and
wherein the undertaking step is based on a difference between the compliance value and the target compliance value.
6. The method of claim 5, wherein the user compliance option is selected from a group comprising:
notifying a network user;
notifying a policy administrator;
providing a retraining module to the network user; and
restricting the network user's network access rights.
7. The method of claim 3, wherein at least one network security policy has a security level identifier identifying the relative restrictiveness of the policy, wherein the implementing step includes the step of electronically selecting a network security policy based on the security level identifier.
8. The method of claim 1, further comprising the step of interactively generating a network security policy, the generating step comprising the steps of:
electronically providing a suggested network security policy to a plurality of network users;
electronically receiving a modified network security policy from at least one of the network users;
electronically providing at least one of the modified policies to the network users; and
receiving a group modified policy from the network users.
9. The method of claim 1, further comprising the steps of:
electronically monitoring network user compliance with the compliance policy, including the steps of:
electronically providing a network policy exam to a network user;
electronically receiving exam answers from the network user;
electronically evaluating the exam results to generate an evaluation score;
notifying the network user of the evaluation score; and
storing the evaluation score in a database.
10. The method of claim 1, wherein the compliance policy comprises:
a network hardware policy;
an email policy;
an internet policy;
a software license policy;
a document management system policy; and
a network security enforcement policy.
11. An apparatus for dynamically assisting a system administrator of a computer network in upgrading compliance policy based on behavior of system users, the apparatus comprising:
a computer system comprising at least one processor and at least one memory, the computer system being adapted and arranged for:
storing in a database a plurality of compliance policy options;
developing an initial compliance policy option potentially applicable to network users;
automatically evaluating over time the appropriateness of the initial compliance policy option based on the potentially evolving compliance history of users;
automatically compiling and providing to the system administrator over time a dynamic knowledge base comprising automated network user policy compliance violation documentation;
automatically determining from the knowledge base policy compliance violation documentation that the initial compliance policy option is ineffective;
automatically selecting from the database and recommending to the system administrator an alternate compliance policy option; and
automatically requesting that the system administrator confirm the change to the alternate compliance policy option, whereby compliance policy options are dynamically altered and provided to the system administrator in order to eliminate ineffective compliance policy options.
12. An article of manufacture for dynamically assisting a system administrator of a computer network in upgrading compliance policy based on behavior of system users, the article of manufacture comprising a computer-readable storage medium having a computer program embodied therein that causes the computer network to perform the steps of:
storing in a database a plurality of compliance policy options;
developing an initial compliance policy option potentially applicable to network users;
automatically evaluating over time the appropriateness of the initial compliance policy option based on the potentially evolving compliance history of users;
automatically compiling and providing to the system administrator over time a dynamic knowledge base comprising automated network user policy compliance violation documentation;
automatically determining from the knowledge base policy compliance violation documentation that the initial compliance policy option is ineffective;
automatically selecting from the database and recommending to the system administrator an alternate compliance policy option; and
automatically requesting that the system administrator confirm the change to the alternate compliance policy option, whereby compliance policy options are dynamically altered and provided to the system administrator in order to eliminate ineffective compliance policy options.
Specification