End user risk management

US 7,865,958 B2
Filed: 02/05/2009
Issued: 01/04/2011
Est. Priority Date: 07/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for calculating a risk score representing a risk posed by a user to information within a computer system, the method comprising:

determining, by a security agent executing on a computer within a computer system, a data risk associated with computer system information accessible by a user of the computer system;

determining, by the security agent, an application risk associated with applications executing within the computer system;

calculating, by the security agent, a risk score associated with the user using at least the data risk and the application risk;

analyzing, by the security agent, interactions between the user and the computer system to determine a risk metric for the user interactions;

re-calculating, by the security agent, the risk score using the data risk, the application risk and the determined risk metric; and

displaying the risk score to the user.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A flexible, efficient and easy-to-use computer security management system effectively evaluates and responds to informational risks on a wide variety of computing platforms and in a rapidly changing network environment. An individual computer system dynamically monitors its end user, without regard to network connectivity, in order to calculate a risk score and to ensure that the end user'"'"'s behavior does not put corporate information or other assets at risk. Data regarding such risks and responses are analyzed and stored in real-time.

106 Citations

View as Search Results

16 Claims

1. A method for calculating a risk score representing a risk posed by a user to information within a computer system, the method comprising:
- determining, by a security agent executing on a computer within a computer system, a data risk associated with computer system information accessible by a user of the computer system;
  
  determining, by the security agent, an application risk associated with applications executing within the computer system;
  
  calculating, by the security agent, a risk score associated with the user using at least the data risk and the application risk;
  
  analyzing, by the security agent, interactions between the user and the computer system to determine a risk metric for the user interactions;
  
  re-calculating, by the security agent, the risk score using the data risk, the application risk and the determined risk metric; and
  
  displaying the risk score to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising determining a risk level representative of an amount of unsolicited email received by the user.
  - 3. The method of claim 2, wherein calculating the risk score further comprises calculating the risk score using at least the data risk, the application risk and the risk level.
  - 4. The method of claim 1, wherein determining the data risk further comprises determining the data risk based in part on a predetermined sensitivity value associated with the computer system information.
  - 5. The method of claim 1, wherein determining the application risk further comprises determining the application risk based in part on a probability that interactions between the user and at least one application will corrupt at least a portion of the computer system information.
  - 6. The method of claim 1, further comprising determining that the risk score exceeds a predetermined threshold and, responsive to the determination, restricting access to computer system information.
  - 7. The method of claim 1, wherein re-calculating the risk score further comprises identifying that the determined risk metric is greater than a previously determined risk metric and, responsive to the identification, increasing the risk score.
  - 8. The method of claim 1, wherein re-calculating the risk score further comprises identifying that the determined risk metric is less than a previously determined risk metric and, responsive to the identification, decreasing the risk score.

9. A system for calculating a risk score representing a risk posed by a user to information in a computer system, the system comprising:
- a computer system comprising at least one computer and having information accessible by a user of the computer system; and
  
  a security agent executing on a computer within the computer system to;
  
  determine a data risk associated with the computer system information,determine an application associated with applications executing within the computer system,calculate a risk score associated with the user, using at least the data risk and the application risk,analyze interactions between the user and the computer system to determine a risk metric for the user interactions,re-calculate the risk score using the data risk, the application risk, and the determined risk metric, anddisplay the risk score to the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, further comprising a security agent that determines a risk level representative of an amount of unsolicited email received by the user.
  - 11. The system of claim 10, wherein the security agent calculates the risk score using at least the data risk, the application risk and the risk level.
  - 12. The system of claim 9, wherein the security agent determines the data risk based in part on a predetermined sensitivity value associated with the computer system information.
  - 13. The system of claim 9, wherein the security agent determines the application risk based in part on a probability that interactions between the user and at least one application will corrupt at least a portion of the computer system information.
  - 14. The system of claim 9, wherein the security agent determines that the risk score exceeds a predetermined threshold and, responsive to the determination, restricts access to computer system information.
  - 15. The system of claim 9, wherein the security agent re-calculates the risk score by identifying that the determined risk metric is greater than a previously determined risk metric and, responsive to the identification, increases the risk score.
  - 16. The system of claim 9, wherein the security agent re-calculates the risk score by identifying that the determined risk metric is less than a previously determined risk metric and, responsive to the identification, decreases the risk score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Norman, Dustin, Lieblich, Jason
Primary Examiner(s)
Vu; Kimyen
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US12/366,150
Publication Number

US 20090178142A1
Time in Patent Office

698 Days
Field of Search

726/25, 726/23, 726/26, 726/27, 726/29, 726/30, 726/28, 455/26.1, 399/366, 379/93.02, 708/135
US Class Current

726/25
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/14   for detecting or protecting...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/20   for managing network securi...

End user risk management

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

End user risk management

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links