Reviewing effectiveness of communication rules system
First Claim
1. A computerized method executable by a processor of a computing device for evaluating a rules system, said rules system applying one or more rules to communication traffic of a group of users for conforming the communication traffic to a communications policy, said method comprising:
- analyzing a log containing one or more communications previously reviewed by the rules system to determine if the previously reviewed communications in the log conforms to the communications policy, said analyzing comprising determining at least one of the previously viewed communications that is a non-conforming communication which does not conform with the communications policy;
- identifying one or more of the rules of the rules system violated by the non-conforming communication;
- analyzing the violating rules to determine a basis for why the violating rules were not effective in conforming the communications in the log to the communications policy;
- determining modifications to the rules system to facilitate conformance of the communication traffic to the communications policy;
- applying the determined modifications to the rules system to create a modified rules system;
- testing the modified rules system and the rules system on the communications in the log with test communications without applying the modified rules system to new communications;
- determining effectiveness of the modified rules system and of the rules system to conform the test communications to the communication policy, said determining effectiveness comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the rules system; and
- utilizing the modified rules system after determining effectiveness and as a function of the evaluated aggregation risk metric.
Abstract
A method for reviewing effectiveness of a rules system applying one or more rules to communication traffic of a group of users. The method analyzes a log containing one or more communications reviewed by the rules system to determine if the communications in the log conform to the communications policy. The method also identifies one or more of the rules of the rules system violated by the communications when analyzing the log determines that at least one of the communications in the log does not conform to the communications policy. Other methods determine the effectiveness of planned modifications to a rules system.
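A sketch of the offline replay test the abstract and claims describe, added here as an example and not taken from the patent: logged communications are run through the current and a modified rule set, and an aggregate exposure score is compared before the modified set is adopted. The regex rule format, the `exposure` weights, the false-block limit and the summed-exposure metric are assumptions; the page does not define how the aggregation risk metric is computed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str      # assumed rule format: a regex match blocks the message

@dataclass(frozen=True)
class LoggedMessage:
    msg_id: str
    body: str
    conforms: bool    # reviewer's verdict against the communications policy
    exposure: float   # assumed cost if a non-conforming message gets through

def is_blocked(rules, msg):
    return any(re.search(r.pattern, msg.body) for r in rules)

def replay(rules, log):
    """Run a rule set over the log offline; nothing touches live traffic."""
    missed, false_blocks = [], []
    for msg in log:
        blocked = is_blocked(rules, msg)
        if not msg.conforms and not blocked:
            missed.append(msg)            # policy violation the rules let pass
        elif msg.conforms and blocked:
            false_blocks.append(msg)      # conforming message wrongly stopped
    return {
        "missed": [m.msg_id for m in missed],
        "false_blocks": [m.msg_id for m in false_blocks],
        "aggregate_risk": sum(m.exposure for m in missed),
    }

def should_adopt(current, modified, log, max_false_blocks=0):  # assumed gate
    before, after = replay(current, log), replay(modified, log)
    ok = (after["aggregate_risk"] < before["aggregate_risk"]
          and len(after["false_blocks"]) <= max_false_blocks)
    return ok, before, after

# Constructed sample log and rule sets (4111... is the standard test card number)
LOG = [
    LoggedMessage("m1", "Card 4111 1111 1111 1111 attached", False, 5.0),
    LoggedMessage("m2", "Card 4111-1111-1111-1111 attached", False, 5.0),
    LoggedMessage("m3", "Lunch at 12?", True, 0.0),
    LoggedMessage("m4", "Order ref 1234567890123456 shipped", True, 0.0),
]
CURRENT = [Rule("pan-dashes", r"\b\d{4}-\d{4}-\d{4}-\d{4}\b")]
MODIFIED = [Rule("pan-separated", r"\b\d{4}[- ]\d{4}[- ]\d{4}[- ]\d{4}\b")]
OVERBROAD = [Rule("any-16-digits", r"(\d[- ]?){16}")]
```

`should_adopt(CURRENT, MODIFIED, LOG)` accepts the change because the missed message `m1` is now caught, while `OVERBROAD` is rejected for blocking the conforming message `m4`.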
15 Claims
6. A computerized method executable by a processor of a computing device for evaluating planned modifications to an unmodified rules system, said unmodified rules system applying one or more rules to communication traffic of a group of users for conforming the communication traffic to a communications policy, said method comprising:
- determining modifications to the rules applied by the unmodified rules system, said modified rules facilitating conformance of the communication traffic to the communications policy;
- applying said determined modifications to the unmodified rules system to create a modified rules system;
- testing the modified rules system and the unmodified rules system on an identical portion of the communication traffic, said communication traffic previously reviewed by the unmodified rules system; and
- determining effectiveness of the modified rules system and of the unmodified rules system to conform the identical portion of the communication traffic to the communications policy based upon the testing, said determining effectiveness further comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the unmodified rules system.
14. A control system for reviewing effectiveness of a rules system, said rules system applying one or more rules to communication traffic of a group of users, said rules being adapted for conforming the communication traffic to a communications policy, said control system comprising:
- a memory area having stored thereon;
- a rules store containing a copy of one or more rules applied by the rules system; and
- a communications store for collecting one or more communications previously reviewed by the rules system; and
- a processor configured to execute computer-executable instructions for accessing the memory area for;
- analyzing the communications of the communications store to determine if the previously reviewed communications conform to the communications policy, said analyzing comprising determining at least one of the previously viewed communications that is not in conformance with the communications policy;
- identifying, as a function of the non-conforming communication, one or more of the rules of the rules system in violation of the communications policy;
- analyzing the violating rules to determine a basis for why the violating rules were not effective in conforming the non-conforming communications in the log to the communications policy;
- determining modifications to the rules applied by the rules system to facilitate conformance of the communication to the communications policy;
- applying the determined modifications to the rules system to create a modified rules system;
- testing the modified rules system and the rules system on the communications in the log without applying the modified rules system to new communications; and
- determining effectiveness of the modified rules system to conform the test communications to the communication policy, said determining effectiveness comprising evaluating an aggregation risk metric quantifying the potential exposure created by the modified rules system compared to the rules system.
Specification