Automated security manager
First Claim
Patent Images
1. A system, comprising:
- a first data store to store asset data that is related to an electronic information resource and that is related to a process that relies on the electronic information resource;
a security risk analysis logic to identify a risk associated with the electronic information resource and to determine an impact associated with the risk occurring to the electronic information resource;
a recovery logic to determine an attainable recovery for the electronic information resource after the risk occurs, where the attainable recovery includes a recovery point objective associated with a version of the electronic information resource that is to be recreated from before the risk occurring;
wherein the recovery logic is configured to establish a recovery time objective that describes a first point in time when the electronic information resource is to be available after the risk occurs, and where the time objective includes a confidence factor that describes the likelihood of attaining recovery by the recovery time objective;
a score logic to determine one or more values that quantify security management performance with respect to a set of electronic information resources that include the electronic information resource, where the score logic is configured to score the automated security action based at least in part on the confidence factor and achieving the recovery point objective within the recovery time objective when the automated security action occurs;
a loss logic to determine a loss expectancy associated with the electronic information resource, the loss expectancy being determined from the one or more values; and
a decision logic to provide a signal concerning an automated security action to be taken, where the action to be taken depends, at least in part, on the values, or the loss expectancy,wherein the recovery logic, the score logic, the loss logic, and the decision logic are embodied on a non-transitory computer readable medium.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems, methods, media, and other embodiments associated with automated security management are described. One example system embodiment includes logic to collect, organize, and maintain data concerning electronic information resources, data concerning security criteria to which the electronic information resources may be subjected, and data concerning security risks to which the electronic information resources may be susceptible. The system may include logic to make an automated security management decision based on analyzing the data concerning the electronic information resources, the data concerning the security criteria, and the data concerning the security risks.
22 Citations
22 Claims
-
1. A system, comprising:
-
a first data store to store asset data that is related to an electronic information resource and that is related to a process that relies on the electronic information resource; a security risk analysis logic to identify a risk associated with the electronic information resource and to determine an impact associated with the risk occurring to the electronic information resource; a recovery logic to determine an attainable recovery for the electronic information resource after the risk occurs, where the attainable recovery includes a recovery point objective associated with a version of the electronic information resource that is to be recreated from before the risk occurring; wherein the recovery logic is configured to establish a recovery time objective that describes a first point in time when the electronic information resource is to be available after the risk occurs, and where the time objective includes a confidence factor that describes the likelihood of attaining recovery by the recovery time objective; a score logic to determine one or more values that quantify security management performance with respect to a set of electronic information resources that include the electronic information resource, where the score logic is configured to score the automated security action based at least in part on the confidence factor and achieving the recovery point objective within the recovery time objective when the automated security action occurs; a loss logic to determine a loss expectancy associated with the electronic information resource, the loss expectancy being determined from the one or more values; and a decision logic to provide a signal concerning an automated security action to be taken, where the action to be taken depends, at least in part, on the values, or the loss expectancy, wherein the recovery logic, the score logic, the loss logic, and the decision logic are embodied on a non-transitory computer readable medium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory machine-readable medium having stored thereon machine-executable instructions that if executed by a machine cause the machine to perform a method, the method comprising:
-
accessing a first set of data concerning one or more computer-supported information resources and one or more processes that rely on the computer-supported information resources; accessing a second set of data concerning one or more security criteria related to the one or more computer-supported information resources; accessing a third set of data concerning one or more risks associated with the one or more computer-supported information resources; accessing a fourth set of data concerning one or more automated responses available to apply upon determining that a computer-supported information resource of the one or more computer-supported information resources has encountered a risk of the one or more risks; automatically initiating a response from the fourth data set on determining that a risk has occurred for an impacted information resource of the one or more computer-supported information resources; and scoring the response based, at least in part, on a recovery time objective, and a recovery point objective associated with the response when the response occurs, where the recovery point objective is a version of the impacted information resource that is to be recreated, where the recovery time objective is a first point in time when the impacted electronic information resource is to be available after the risk occurs, and where the time objective includes a confidence factor that describes the likelihood of attaining recovery by the first point in time. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A non-transitory machine-readable medium having stored thereon machine-executable instructions that when executed by a machine cause the machine to perform a method, the method comprising:
-
collecting, organizing, and maintaining data concerning security criteria to which electronic information resources are to be subjected;
collecting, organizing, and maintaining data concerning security risks to which the electronic information resources are susceptible;generating an automated security management decision based on analysis of data concerning the electronic information resources, the data concerning the security criteria, and the data concerning the security risks, where making an automated security management decision includes making a decision concerning an attainable recovery for one or more of the electronic information resources after one or more of the security risks occurs, where the attainable recovery includes a recovery point objective that indicates a version of the electronic information resource from a set of versions that is to be recreated, a recovery time objective that indicates a first point in time when the electronic information resource is to be available after a risk occurs, and a confidence factor that describes the likelihood of attaining the recovery point objective by the first point in time; and scoring an automatic response to the security risk when the security risk occurs based, at least in part, on the recovery point objective, the recovery time objective, and the confidence factor.
-
Specification