Method and apparatus for establishing a security policy, and method and apparatus for supporting establishment of security policy
First Claim
Patent Images
1. A method of generating a security policy for an organization, comprising:
- receiving a field of business identifier;
receiving an indicator of rigorousness;
generating security rules from a stored knowledge base based on the indicator of rigorousness;
generating inquiries regarding the security rules based on the field of business identifier and the indicator of rigorousness;
transmitting the generated inquiries to at least one user;
receiving input from the at least one user in response to the transmitted inquiries;
adjusting the security rules based on the received input and the indicator of rigorousness; and
outputting the security policy that includes the security rules,wherein the security policy includes settings of individual equipment components within the organization that implements the security policy.
1 Assignment
0 Petitions
Accused Products
Abstract
There are provided a method of efficiently establishing a security policy and an apparatus for supporting preparation of a security policy. According to a method of establishing a security policy in six steps, a simple security policy draft is first prepared. The security policy draft is adjusted so as to match realities of an organization, as required, thus completing a security policy stepwise. Therefore, a security policy can be established in consideration of a schedule or budget of the organization.
326 Citations
39 Claims
-
1. A method of generating a security policy for an organization, comprising:
-
receiving a field of business identifier; receiving an indicator of rigorousness; generating security rules from a stored knowledge base based on the indicator of rigorousness; generating inquiries regarding the security rules based on the field of business identifier and the indicator of rigorousness; transmitting the generated inquiries to at least one user; receiving input from the at least one user in response to the transmitted inquiries; adjusting the security rules based on the received input and the indicator of rigorousness; and outputting the security policy that includes the security rules, wherein the security policy includes settings of individual equipment components within the organization that implements the security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An apparatus for generating a security policy for an organization, comprising:
-
means for receiving a field of business identifier; means for receiving an indicator of rigorousness; means for generating security rules from a stored knowledge base based on the indicator of rigorousness; means for generating inquiries regarding the security rules based on the field of business identifier and the indicator of rigorousness; means for transmitting the generated inquiries to at least one user; means for receiving input from the at least one user in response to the transmitted inquiries; means for adjusting the security rules based on the received input and the indicator of rigorousness; and means for outputting the security policy that includes the security rules, wherein the security policy includes settings of individual equipment components within the organization that implements the security policy. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A storage medium storing a set of program instructions executable on a data processing device and usable for generating a security policy for an organization, comprising:
-
instructions for receiving a field of business identifier; instructions for receiving an indicator of rigorousness; instructions for generating security rules from a stored knowledge base based on the indicator of rigorousness; instructions for generating inquiries regarding the security rules based on the field of business identifier and the indicator of rigorousness; instructions for transmitting the generated inquiries to at least one user; instructions for receiving input from the at least one user in response to the transmitted inquiries; instructions for adjusting the security rules based on the received input and the indicator of rigorousness; and instructions for outputting the security policy that includes the security rules, wherein the security policy includes settings of individual equipment components within the organization that implements the security policy. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
-
Specification