End user risk management
Abstract
A flexible, efficient and easy-to-use computer security management system effectively evaluates and responds to informational risks on a wide variety of computing platforms and in a rapidly changing network environment. An individual computer system dynamically monitors its end user, without regard to network connectivity, in order to calculate a risk score and to ensure that the end user's behavior does not put corporate information or other assets at risk. Data regarding such risks and responses are analyzed and stored in real-time.
12 Claims
1. A method of generating a risk score associated with an end user of a computer system, the method comprising:
- assessing a data risk associated with each piece of electronically available information accessible by an end user of a computer system, the data risk based in part on a value associated with the electronically available information;
- monitoring interactions between the end user and the computer system used by the end user to access the electronically available information, each interaction associated with a risk measured by a risk metric;
- calculating a risk score for the end user, the risk score based upon the data risk associated with each piece of electronically available information and the risk metric associated with the monitored interactions;
- informing the end user of the computer system of the calculated risk score; and
- displaying the risk score to the end user.
Dependent claims: 2, 3, 4, 5, 6, 8, 9, 10
7. A method of evaluating a risk which an end user poses to electronically available information, comprising:
(a) assessing asset values for each piece of electronically available information to which the end user has access, the asset values based in part on a value associated with the electronically available information;
(b) monitoring the end user's interactions with a computer system through which the end user accesses the electronically available information;
(c) calculating a risk score in real time for the end user based upon the assessed asset values associated with each piece of electronically available information and the end user's interactions, the risk score indicative of the risk that the end user poses to the electronically available information;
(d) displaying the risk score to the end user; and
(e) returning to step (a), and repeating at least steps (a) through (e) to evaluate the risk posed by the real time interactions between the end user and the computer system.
11. A system for evaluating risk, the system comprising:
- a plurality of client computers in communication with a server via a network, each of the client computers responsive to input generated by an end user;
- a security agent on each of the client computers, the security agent configured to:
  - monitor interactions between the end user and one of either a second client computer and the server,
  - assign a data risk to electronically available information accessible by the end user, the data risk based in part on a value associated with the electronically available information,
  - generate a risk score for the end user, the risk score based upon interactions between the end user and the one of either the second client computer and the server, and the data risk assigned to the electronically available information,
  - detect an end user action posing a security risk to the one of either the second client computer and the server,
  - update, in real time, the risk score in response to detection of the end user action, and
  - display the risk score to the end user.
Dependent claims: 12
Specification