Dynamic security policy through use of empirical security events

US 7,647,622 B1
Filed: 04/22/2005
Issued: 01/12/2010
Est. Priority Date: 04/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

logging risk factors occurring on a first computer system over time, said risk factors including activity of a user using said first computer system;

dynamically generating a risk profile based on at least one of said risk factors, said risk profile associated with said user;

dynamically updating said risk profile based on said logging;

dynamically setting a security policy of said first computer system based on at least a portion of said risk profile;

storing said risk profile at a memory location accessible by said first computer system and a second computer system;

dynamically accessing said risk policy from said second computer system upon assignment of said user to said second computer system; and

dynamically setting a security policy of said second computer system based on at least a portion of said risk profile.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Risk events occurring on a computer system are logged over time and a risk profile is dynamically generated and updated based on the logged risk events. In one embodiment, a security policy is dynamically set and updated based on the risk profile.

Citations

17 Claims

1. A method comprising:
- logging risk factors occurring on a first computer system over time, said risk factors including activity of a user using said first computer system;
  
  dynamically generating a risk profile based on at least one of said risk factors, said risk profile associated with said user;
  
  dynamically updating said risk profile based on said logging;
  
  dynamically setting a security policy of said first computer system based on at least a portion of said risk profile;
  
  storing said risk profile at a memory location accessible by said first computer system and a second computer system;
  
  dynamically accessing said risk policy from said second computer system upon assignment of said user to said second computer system; and
  
  dynamically setting a security policy of said second computer system based on at least a portion of said risk profile.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - dynamically setting one or more default initial security settings on said first and second computer systems based on at least a portion of said risk profile.
  - 3. The method of claim 1, further comprising:
    - prioritizing virus definition distribution to said first and second computer systems based on at least a portion of said risk profile.
  - 4. The method of claim 1, further comprising:
    - performing an initial security assessment of said first and second computer systems.
  - 5. The method of claim 1, wherein said risk profile includes one or more risk categories.
  - 6. The method of claim 5, wherein each of said one or more risk categories includes a risk measure.
  - 7. The method of claim 5, wherein said risk factors are associated with one or more of said one or more risk categories.
  - 8. The method of claim 1, wherein said dynamically generating a risk profile comprises:
    - generating one or more risk categories based on some or all of said risk factors, wherein said one or more risk categories collectively represent said risk profile.
  - 9. The method of claim 1, further comprising:
    - making at least a portion of said risk profile available for use by applications in said dynamically setting a security policy.
  - 10. The method of claim 1, further comprising:
    - tagging each of said risk factors with an identifier corresponding to at least one of a group consisting of a risk category, a computer system, a user, and a network.
  - 11. The method of claim 1, further comprising:
    - utilizing at least a portion of said risk profile to select a warning message displayed to said user.
  - 12. The method of claim 1, wherein said risk factors are logged to a risk profile database.
  - 13. The method of claim 1, further comprising:
    - making at least a portion of said risk profile available for use by applications in decision making.

14. A computer-program product comprising a computer readable storage medium containing computer program code for implementing a method comprising:
- logging risk factors occurring on a first computer system over time, said risk factors including activity of a user using said first computer system;
  
  dynamically generating a risk profile based on at least one of said risk factors, said risk profile associated with said user;
  
  dynamically updating said risk profile based on said logging;
  
  dynamically setting a security policy of said first computer system based on at least a portion of said risk profile;
  
  storing said risk profile at a memory location accessible by said first computer system and a second computer system;
  
  dynamically accessing said risk policy from said second computer system upon assignment of said user to said second computer system; and
  
  dynamically setting a security policy of said second computer system based on at least a portion of said risk profile.
- View Dependent Claims (15)
- - 15. The computer-program product of claim 14, wherein the method further comprises:
    - making at least a portion of said risk profile available for use by applications in decision making.

16. A security product comprising:
- a memory;
  
  a processor coupled to said memory;
  
  a dynamic security policy application for logging risk factors occurring on a first computer system over time, said risk factors including activity of a user using said first computer system;
  
  said dynamic security policy application further for dynamically generating a risk profile based on at least one of said risk factors, said risk profile associated with said user;
  
  said dynamic security policy application further for dynamically updating said risk profile based on said logging;
  
  said dynamic security policy application further for dynamically setting a security policy of said first computer system based on at least a portion of said risk profile;
  
  said dynamic security policy application further for storing said risk profile at a memory location accessible by said first computer system and a second computer system;
  
  said dynamic security policy application further for dynamically accessing said risk policy from said second computer system upon assignment of said user to said second computer system; and
  
  said dynamic security policy application further for dynamically setting a security policy of said second computer system based on at least a portion of said risk profile.

17. A method comprising:
- logging risk factors occurring on a computer system over time, said risk factors including activity of a first user and a second user using said computer system;
  
  dynamically generating a first risk profile associated with said first user and a second risk profile associated with said second user based on said risk factors;
  
  dynamically accessing said first risk profile upon assignment of said first user to said computer system;
  
  dynamically setting a first security policy for said computer system based on said first risk profile;
  
  dynamically accessing said second risk profile upon assignment of said second user to said computer system; and
  
  dynamically setting a second security policy for said computer system based on said second risk profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sobel, William E., McCorkendale, Bruce
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Fields; Courtney D

Application Number

US11/112,192
Time in Patent Office

1,726 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

H04L 63/1425 Traffic logging, e.g. anoma...

H04L 63/20 for managing network securi...

Dynamic security policy through use of empirical security events

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic security policy through use of empirical security events

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links