Trusted and anonymous system and method for sharing threat data to industry assets
First Claim
1. A method for allowing sharing of information associated with threats to industry assets, comprises:
- establishing a secured database comprised of threat data;
allowing predetermined entities access to said database;
augmenting the database with additional threat data received anonymously from at least one of a plurality of sources; and
notifying at least some of said predetermined entities of additional threat data received and augmented to the database, whereby said predetermined entities will know to access the database if it is desired to learn more about the threat data wherein said threat data received anonymously is reviewed for specific information which may accidentally identify the source of the threat data, and said specific information is then removed from the threat data before augmenting the database.
7 Assignments
0 Petitions
Accused Products
Abstract
A system and method serves to anonymously share information about security incidents and vulnerability in corporate and national information infrastructures. The method and system provides for submitting information and categorizing the corresponding data in a secure manner in which the submitting party'"'"'s anonymity is ensured. A secure facility such as a data center is established that provides for authenticated and, where appropriate, anonymous input, ensuring availability of information associated with threats to industry assets and the available resolutions or solutions. The information may be shared securely through, for example, the World Wide Web, between authorized organizations.
-
Citations
19 Claims
-
1. A method for allowing sharing of information associated with threats to industry assets, comprises:
-
establishing a secured database comprised of threat data;
allowing predetermined entities access to said database;
augmenting the database with additional threat data received anonymously from at least one of a plurality of sources; and
notifying at least some of said predetermined entities of additional threat data received and augmented to the database, whereby said predetermined entities will know to access the database if it is desired to learn more about the threat data wherein said threat data received anonymously is reviewed for specific information which may accidentally identify the source of the threat data, and said specific information is then removed from the threat data before augmenting the database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for allowing sharing of information associated with threats to industry assets, comprising:
-
a data center comprised of a secured database containing threat data stored thereon;
a communications interface for allowing predetermined entities access to said database;
a temporary database store for storing additional threat data received anonymously from at least one of a plurality of sources for allowing review and classification of said additional threat data;
said secured database being connected to said temporary database store for allowing said additional threat data to be stored on the secured database once it has been reviewed and classified; and
an electronic notification system for notifying at least some of said selected entities about additional threat data stored on the secured database, whereby said selected entities will know to access the secured database if the additional threat data stored thereon is of interest wherein said threat data received anonymously is reviewed for specific information which may accidentally identify the source of the threat data, and said specific information is then removed from the threat data before storing the threat data in the secured database. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification