Method and system for automated risk management of rule-based security
First Claim
Patent Images
1. A method for automated risk management, comprising:
- presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system;
determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information;
permitting the rule to be reviewed and approved based on the risk rating score; and
permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI and implementation of the rule.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for automated risk management may include presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for a rule. The method may also include determining a risk rating score for the rule based on information entered in the rule request GUI. The information may include at least one of source information, destination information, service information and port information.
21 Citations
40 Claims
-
1. A method for automated risk management, comprising:
-
presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system; determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; permitting the rule to be reviewed and approved based on the risk rating score; and permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI and implementation of the rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method for automated risk management, comprising:
-
presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system; determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI; sending an expiration notification to the requester or a surrogate a predetermined time period prior to an expiration date of a rule; and determining a validity of termination of the rule prior to disabling the rule. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A system for automated risk management, comprising:
-
a processor; a data structure operable on the processor to present a rule request GUI for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system; a data structure operable on the processor to determine a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; and a data structure operable on the processor to permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer program product for automated risk management, the computer program product comprising:
-
a computer readable medium having computer readable program code embodied therein, the computer readable medium including; computer readable program code configured to present a rule request GUI for a requester to enter information related to a rule request for a rule to be used for determining access to a system; computer readable program code configured to determine a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; and computer readable program code configured to permit control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI. - View Dependent Claims (34, 35, 36, 37, 38, 39)
-
-
40. A method for automated risk management, comprising:
-
presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system; determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; and permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI.
-
Specification