Method and system for configuring and scheduling security audits of a computer network

US 7,340,776 B2
Filed: 01/31/2002
Issued: 03/04/2008
Est. Priority Date: 01/31/2001
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for configuring and scheduling a security audit of a computer network comprising the steps of:

conducting a discovery scan to identify an element of the computer network and determine the element'"'"'s functions and assigning an asset value for the element wherein the asset value indicates the relative importance of the element in the network;

configuring an audit scan to perform on the element, wherein the audit scan is a broader scan than the discovery scan;

scheduling a time to perform the audit scan on the element;

running the audit scan of the element at the scheduled time;

calculating a security score for the element based on the audit scan by summing one or more vulnerabilities associated with the element; and

scheduling another time to repeat the audit scan on the element, the scheduling based on the results of the audit scan and the security score.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing the selection and scheduling of security audits run on a computing network. The computer network is surveyed by a security audit system to determine the function and relative importance of the elements in the network. Based on function and priority, a more thorough type of security audit is selected to run against each of the network elements by the security audit system. The security audit can also be automatically scheduled based on the information gathered from the survey. Once the system runs the security audit, a vulnerability assessment can be calculated for each element in the network. The vulnerability assessment can be presented in a format that facilitates interpretation and response by someone operating the system. The vulnerability assessment can also be used to configure and schedule future security audits.

518 Citations

19 Claims

1. A computer-implemented method for configuring and scheduling a security audit of a computer network comprising the steps of:
- conducting a discovery scan to identify an element of the computer network and determine the element'"'"'s functions and assigning an asset value for the element wherein the asset value indicates the relative importance of the element in the network;
  
  configuring an audit scan to perform on the element, wherein the audit scan is a broader scan than the discovery scan;
  
  scheduling a time to perform the audit scan on the element;
  
  running the audit scan of the element at the scheduled time;
  
  calculating a security score for the element based on the audit scan by summing one or more vulnerabilities associated with the element; and
  
  scheduling another time to repeat the audit scan on the element, the scheduling based on the results of the audit scan and the security score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising the step of configuring a subsequent audit scan of the element that is different from the audit scan.
  - 3. The method of claim 1, further comprising the step of receiving a blackout time during which no audit scan can be scheduled.
  - 4. The method of claim 1, wherein the step of conducting a discovery scan further comprises identifying the function of the element.
  - 5. The method of claim 1, wherein the step of conducting a discovery scan further comprises identifying the one or more vulnerabilities associated with the element.
  - 6. The method of claim 1, wherein the asset value is modified based on the audit scan.
  - 7. The method of claim 1, further comprising the step of receiving a manually selected asset value for the element.
  - 8. The method of claim 1, wherein the step of configuring an audit scan comprises selecting a type of audit scan based on the discovery scan.
  - 9. The method of claim 1, wherein the step of configuring an audit scan comprises:
    - retrieving an asset value based on the discovery scan;
      
      retrieving a scan frequency associated with the asset value, wherein the scan frequency indicates how often the scan is performed;
      
      assigning a role based on the discovery scan, wherein the role indicates the function of the element; and
      
      assigning a policy based on the discovery scan, wherein the policy indicates the type of audit scan.
  - 10. The method of claim 1, wherein the step of configuring an audit scan comprises manually selecting the type of audit scan.

11. A computer prepare product for implementing security for a computing device, said computer program product comprising:
- a computer readable medium having encoded therein;
  
  first program instructions to conduct a discovery scan to identify an element of the computer network and determine the element'"'"'s functions and assign an asset value for the element, wherein the asset value indicates the relative importance of the element in the network;
  
  second program instructions to configure an audit scan to perform on the element, wherein the audit scan is a broader scan than the discovery scan;
  
  third program instructions to schedule a time to perform the audit scan on the element;
  
  fourth program instructions to run the audit scan of the element at the scheduled time;
  
  fifth program instructions to calculate a security score for the element based on the audit scan by summing one or more vulnerabilities associated with the element; and
  
  sixth program instructions to schedule another time to repeat the audit scan on the element, the scheduling based on the results of the audit scan and the security score.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer program product of claim 11, further comprising seventh program instructions to configure a subsequent audit scan of the element that is different from the audit scan.
  - 13. The computer program product of claim 11, further comprising eighth program instructions to receive a blackout time during which no audit scan can be scheduled.
  - 14. The computer program product of claim 11, wherein the first program instructions further comprise instructions to identify the function of the element.
  - 15. The computer program product of claim 11, wherein the first program instructions further comprise instructions to identify the one or more vulnerabilities associated with the element.
  - 16. The computer program product of claim 11, further comprising ninth program instructions to modify the asset value based on the audit scan.
  - 17. The computer program product of claim 11, further comprising tenth program instructions to receive a manually selected asset value for the element.
  - 18. The computer program product of claim 11, wherein the second program instructions further comprise instructions to select a type of audit scan based on the discovery scan.
  - 19. The computer program product of claim 11, wherein the second program instructions further comprise instructions to:
    - retrieve an asset value based on the discovery scan;
      
      retrieve a scan frequency associated with the asset value, wherein the scan frequency indicates how often the scan is performed;
      
      assign a role based on the discovery scan, wherein the role indicates the function of the element; and
      
      assign a policy based on the discovery scan, wherein the policy indicates the type of audit scan.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Finjan Blue, Inc. (SoftBank Group Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Singer, Christopher S., Nesfeder, Jr., David Gerald, Millar, Sharon A., Dodd, Timothy David, Zobel, Robert David
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US10/066,367
Publication Number

US 20020104014A1
Time in Patent Office

2,224 Days
Field of Search

713/200, 713/201, 713188-189, 709223-226, 702/186, 714/47, 714/37, 718/103, 726 22- 25, 706 45- 47, 706/52
US Class Current

726/24
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

Method and system for configuring and scheduling security audits of a computer network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

518 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for configuring and scheduling security audits of a computer network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

518 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links