Method and system for automated risk management of rule-based security

US 7,496,964 B2
Filed: 11/23/2004
Issued: 02/24/2009
Est. Priority Date: 11/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for automated risk management, comprising:

presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system;

determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information;

permitting the rule to be reviewed and approved based on the risk rating score; and

permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI and implementation of the rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for automated risk management may include presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for a rule. The method may also include determining a risk rating score for the rule based on information entered in the rule request GUI. The information may include at least one of source information, destination information, service information and port information.

21 Citations

View as Search Results

40 Claims

1. A method for automated risk management, comprising:
- presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system;
  
  determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information;
  
  permitting the rule to be reviewed and approved based on the risk rating score; and
  
  permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI and implementation of the rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising escalating review of the rule request to predetermined levels of management based on the predetermined level or range of the risk rating score.
  - 3. The method of claim 1, wherein determining the risk rating score comprises at least one of:
    - determining a source field score;
      
      determining a destination field score; and
      
      determining a service field score.
  - 4. The method of claim 3, wherein determining a source field score comprises:
    - setting the source field score to a predetermined number in response to a requester entering an indication of any source in a source field of the rule request GUI;
      
      setting the source field score to a number that is a function of a source host multiplier multiplied by a difference between a maximum source host threshold and a number of source hosts entered by the requester in a source field of the rule request GUI, in response to the number of source hosts entered by the requester exceeding the maximum source host threshold; and
      
      setting the source field score to the number of source hosts entered by the requester in the source field in response to the number of source hosts being less than the maximum source host threshold.
  - 5. The method of claim 3, wherein determining the destination field score comprises:
    - setting the destination field score to a predetermined number in response to a requester entering an indication of any destination in a destination field of the rule request GUI;
      
      setting the destination field score to a number that is a function of a destination host multiplier multiplied by a difference between a maximum destination host threshold and a number of destination hosts entered by the requester in the destination field of the rule request GUI, in response to the number of destination hosts entered by the requester exceeding the maximum destination host threshold; and
      
      setting the destination field score to the number of destination hosts entered by the requester in the destination field in response to the number of destination hosts being less than the maximum destination host threshold.
  - 6. The method of claim 3, wherein determining the service field score comprises:
    - setting the service field score to a predetermined number in response to a requester entering an indication of any service in a service field of the rule request GUI;
      
      setting the service field score to a number that is a function of a number of ports entered by the requester in the service field multiplied by a predetermined port multiplier corresponding to a specific type of service entered or selected by the requester in the rule request GUI;
      
      subtracting a maximum service threshold from the service field score to provide a final service field score in response to the service field score exceeding the maximum service threshold.
  - 7. The method of claim 3, wherein determining the risk rating score comprises determining a product of the source field score, the destination score and the service field score.
  - 8. The method of claim 1, further comprising adding a bidirectional value to the risk rating score in response to the rule request being bidirectional.
  - 9. The method of claim 8, further comprising determining a bidirectional value by multiplying a bidirectional multiplier times a number of bidirectional objects in a source field and a destination field of the rule request GUI.
  - 10. The method of claim 1, further comprising adding a log value to the risk rating score in response to not logging traffic related to the rule.
  - 11. The method of claim 1, further comprising presenting a list of authorized requesters to a user in response to the user not being an authorized requester.
  - 12. The method of claim 11, further comprising presenting a request to become an authorized requester GUI form to the user in response to no authorized requester being associated with the user.
  - 13. The method of claim 1, further comprising requiring a requester to enter an expiration date that does not exceed a selected time period in the rule request.
  - 14. The method of claim 13, further comprising generating a notification of pending review of the rule prior to the expiration date of the rule.
  - 15. The method of claim 13, further comprising presenting a GUI to submit a new expiration date and justification for the rule in response to the rule still being needed.
  - 16. The method of claim 13, further comprising providing a traffic log to search for traffic associated with the rule.
  - 17. The method of claim 13, further comprising:
    - disabling the rule in response to the rule no longer being needed; and
      
      providing a termination log to enter information related to the rule in response to the rule being disabled.
  - 18. The method of claim 1, further comprising implementing or not implementing the rule in response to a predetermined level or range of the risk rating score.

19. A method for automated risk management, comprising:
- presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system;
  
  determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information;
  
  permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI;
  
  sending an expiration notification to the requester or a surrogate a predetermined time period prior to an expiration date of a rule; and
  
  determining a validity of termination of the rule prior to disabling the rule.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19, wherein determining a validity of termination comprises:
    - determining if the rule is still needed; and
      
      reviewing a traffic log for traffic related to the rule.
  - 21. The method of claim 19, further comprising entering information related to the rule in a termination log in response to disabling the rule.
  - 22. The method of claim 19, further comprising:
    - contacting the requester to enter a new expiration date in response to the rule still being needed and a new expiration date not having been entered; and
      
      implementing the rule with a new expiration date in response to a new expiration date being entered.
  - 23. The method of claim 19, further comprising sending a notification of termination of the rule to the requester in response to the rule being disabled.

24. A system for automated risk management, comprising:
- a processor;
  
  a data structure operable on the processor to present a rule request GUI for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system;
  
  a data structure operable on the processor to determine a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; and
  
  a data structure operable on the processor to permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The system of claim 24, further comprising:
    - a data structure operable on the processor to present the risk rating score to the requester; and
      
      a data structure operable on the processor to permit the requester to edit information entered in the rule request GUI to obtain a lower risk rating score.
  - 26. The system of claim 24, further comprising a data structure operable on the processor to escalate a review of the rule request to a predetermined level of management based on a predetermined level or range of the risk rating score.
  - 27. The system of claim 24, wherein the data structure operable on the processor to determine the risk rating score comprises at least one of:
    - a data structure operable on the processor to determine a source field score;
      
      a data structure operable on the processor to determine a destination field score; and
      
      a data structure operable on the processor to determine a service field score.
  - 28. The system of claim 27, wherein the data structure operable on the processor to determine the risk rating score comprises a data structure to determine a product of the source field score, the destination field score and the service field score.
  - 29. The system of claim 24, further comprising a data structure operable on the processor to generate and send a notification of a pending review of the rule prior to an expiration date of the rule.
  - 30. The system of claim 29, further comprising a data structure operable on the processor to provide a GUI to submit a new expiration date and justification for the rule in response to the rule still being needed after a review of the rule.
  - 31. The system of claim 29, further comprising:
    - a data structure operable on the processor to disable the rule in response to the rule no longer being needed; and
      
      a termination log to enter information related to the rule in response to the rule being disabled.
  - 32. The system of claim 24, further comprising a traffic log to log traffic related to the rule.

33. A computer program product for automated risk management, the computer program product comprising:
- a computer readable medium having computer readable program code embodied therein, the computer readable medium including;
  
  computer readable program code configured to present a rule request GUI for a requester to enter information related to a rule request for a rule to be used for determining access to a system;
  
  computer readable program code configured to determine a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; and
  
  computer readable program code configured to permit control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The computer program product of claim 33, further comprising computer readable program code configured to escalate a review of the rule request to a predetermined level of management based on a predetermined level or range of the risk rating score.
  - 35. The computer program product of claim 33, further comprising:
    - computer readable program code configured to present the risk rating score to the requester; and
      
      computer readable program code configured to permit the requester to edit information entered in the rule request GUI to obtain a lower risk rating score.
  - 36. The computer program product of claim 33, wherein the computer readable program code configured to determine a risk rating score comprises at least one of:
    - computer readable program code configured to determine a source field score;
      
      computer readable program code configured to determine a destination field score; and
      
      computer readable program code configured to determine a service field score.
  - 37. The computer program product of claim 36, wherein the computer readable program code configured to determine a risk rating score further comprises computer readable program code configured to determine the risk rating score based on the source field score, the destination field score and the service field score.
  - 38. The computer program product of claim 33, further comprising computer readable program code configured to generate and send a notification of a pending review of the rule prior to an expiration date of the rule.
  - 39. The computer program product of claim 38, further comprising computer readable program code configured to provide a GUI to submit a new expiration date and justification for the rule in response to the rule still being needed after a review of the rule.

40. A method for automated risk management, comprising:
- presenting a rule request graphical user interface (GUI) for a requester to enter information related to a rule request for creating a rule to be used for determining access to a system;
  
  determining a risk rating score for the rule before implementation based on information entered in the rule request GUI, wherein the GUI includes a field for each of source information, destination information, service information and port information; and
  
  permitting control of traffic and data between sources and destinations and a type of service for such traffic and data based on information entered into the rule request GUI.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Sankaran, Arun, Barve, Ajay, Murray, Christina, Renfro, Chad
Primary Examiner(s)
Smithers, Matthew B
Assistant Examiner(s)
Fields, Courtney D

Application Number

US10/904,695
Publication Number

US 20060129587A1
Time in Patent Office

1,554 Days
Field of Search

726/22, 726/25, 705/38
US Class Current

726/25
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06Q 40/03   Credit; Loans; Processing t...

H04L 63/0263   Rule management

H04L 63/105   Multiple levels of security

Method and system for automated risk management of rule-based security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for automated risk management of rule-based security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links