Automated security manager

US 8,166,551 B2
Filed: 07/17/2007
Issued: 04/24/2012
Est. Priority Date: 07/17/2007
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a first data store to store asset data that is related to an electronic information resource and that is related to a process that relies on the electronic information resource;

a security risk analysis logic to identify a risk associated with the electronic information resource and to determine an impact associated with the risk occurring to the electronic information resource;

a recovery logic to determine an attainable recovery for the electronic information resource after the risk occurs, where the attainable recovery includes a recovery point objective associated with a version of the electronic information resource that is to be recreated from before the risk occurring;

wherein the recovery logic is configured to establish a recovery time objective that describes a first point in time when the electronic information resource is to be available after the risk occurs, and where the time objective includes a confidence factor that describes the likelihood of attaining recovery by the recovery time objective;

a score logic to determine one or more values that quantify security management performance with respect to a set of electronic information resources that include the electronic information resource, where the score logic is configured to score the automated security action based at least in part on the confidence factor and achieving the recovery point objective within the recovery time objective when the automated security action occurs;

a loss logic to determine a loss expectancy associated with the electronic information resource, the loss expectancy being determined from the one or more values; and

a decision logic to provide a signal concerning an automated security action to be taken, where the action to be taken depends, at least in part, on the values, or the loss expectancy,wherein the recovery logic, the score logic, the loss logic, and the decision logic are embodied on a non-transitory computer readable medium.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, media, and other embodiments associated with automated security management are described. One example system embodiment includes logic to collect, organize, and maintain data concerning electronic information resources, data concerning security criteria to which the electronic information resources may be subjected, and data concerning security risks to which the electronic information resources may be susceptible. The system may include logic to make an automated security management decision based on analyzing the data concerning the electronic information resources, the data concerning the security criteria, and the data concerning the security risks.

22 Citations

View as Search Results

22 Claims

1. A system, comprising:
- a first data store to store asset data that is related to an electronic information resource and that is related to a process that relies on the electronic information resource;
  
  a security risk analysis logic to identify a risk associated with the electronic information resource and to determine an impact associated with the risk occurring to the electronic information resource;
  
  a recovery logic to determine an attainable recovery for the electronic information resource after the risk occurs, where the attainable recovery includes a recovery point objective associated with a version of the electronic information resource that is to be recreated from before the risk occurring;
  
  wherein the recovery logic is configured to establish a recovery time objective that describes a first point in time when the electronic information resource is to be available after the risk occurs, and where the time objective includes a confidence factor that describes the likelihood of attaining recovery by the recovery time objective;
  
  a score logic to determine one or more values that quantify security management performance with respect to a set of electronic information resources that include the electronic information resource, where the score logic is configured to score the automated security action based at least in part on the confidence factor and achieving the recovery point objective within the recovery time objective when the automated security action occurs;
  
  a loss logic to determine a loss expectancy associated with the electronic information resource, the loss expectancy being determined from the one or more values; and
  
  a decision logic to provide a signal concerning an automated security action to be taken, where the action to be taken depends, at least in part, on the values, or the loss expectancy,wherein the recovery logic, the score logic, the loss logic, and the decision logic are embodied on a non-transitory computer readable medium.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, including a second data store to store criteria data against which the asset data can be compared to determine a compliance score related to security management of the set of electronic information resources.
  - 3. The system of claim 2, the criteria data including data associated with a standard, data associated with a regulation, or data associated with a procedure, the standard being an ISACA standard, a NIST standard, an ISO standard, or a NIACA standard, the regulation being a SOX-related regulation, a GLB-related regulation, a HIPAA-related regulation, a Patriot Act related regulation, or an SP 1386 (California) related regulation.
  - 4. The system of claim 1, the asset data including data that describes a process or an electronic information resource upon which the process relies, electronic information resource ownership, electronic information resource custody, an electronic information resource security classification, a maximum allowable downtime associated with an electronic information resource, a failover resource associated with an electronic information resource, or an asset value associated with an electronic information resource.
  - 5. The system of claim 4, the asset data including data that describes a disaster recovery plan associated with an electronic information resource, a risk countermeasure available for an electronic information resource, a threat response plan associated with an electronic information resource, a business continuity plan associated with an electronic information resource, a purge schedule associated with an electronic information resource, a physical access limitation associated with an electronic information resource, an electronic access limitation associated with an electronic information resource, a loss likelihood associated with an electronic information resource, a loss impact associated with an electronic information resource, an insurability factor associated with an electronic information resource, a set aside amount associated with an electronic information resource, a cost associated with a single outage related to an electronic information resource, or an annual rate of occurrence associated with an electronic information resource.
  - 6. The system of claim 1, where the asset data describes electronic information resources associated with a database system and where the processes that rely on the electronic information resources are database processes.
  - 7. The system of claim 1, where the security risk analysis logic is configured to identify a confidentiality risk, an availability risk, an integrity risk, an authentication risk, or a non-repudiation risk.
  - 8. The system of claim 1, including a third data store to store a set of training data related to the criteria data or the values produced by the score logic.
  - 9. The system of claim 1, including a business continuity test logic configured to schedule a non-computerized business continuity test, an automated business continuity test with notice, or an automated business continuity test without notice, the business continuity test logic to initiate a business continuity test, to record a business continuity test result, and to provide a score associated with the business continuity test to the score logic.
  - 10. The system of claim 9, including a planning logic configured to plan an automated response to the risk.
  - 11. The system of claim 10, where the planning logic is configured to perform the automated response including identifying a response team, a call tree, a response process to initiate, or a response protocol to be followed.
  - 12. The system of claim 10, the automated response being one of, accepting a risk, mitigating a risk, and transferring a risk.
  - 13. The system of claim 10, where the planning logic is configured to select a countermeasure to apply upon the occurrence of the risk.
  - 14. The system of claim 1, where the score logic is configured to produce values that quantify compliance with a standard, a current degree of risk, or a current loss expectancy, and where the score logic scores the automated security action dynamically as it occurs.
  - 15. The system of claim 1, where the loss logic is to determine a loss expectancy based on an annualized basis exposure percentage, an annualized rate of occurrence, and a resource value.
  - 16. The system of claim 1, where the decision logic is to provide a signal concerning a compliance determination, a budget allocation determination, a bonus determination, a compensation amount, an insurance premium, or a risk recovery set aside amount.

17. A non-transitory machine-readable medium having stored thereon machine-executable instructions that if executed by a machine cause the machine to perform a method, the method comprising:
- accessing a first set of data concerning one or more computer-supported information resources and one or more processes that rely on the computer-supported information resources;
  
  accessing a second set of data concerning one or more security criteria related to the one or more computer-supported information resources;
  
  accessing a third set of data concerning one or more risks associated with the one or more computer-supported information resources;
  
  accessing a fourth set of data concerning one or more automated responses available to apply upon determining that a computer-supported information resource of the one or more computer-supported information resources has encountered a risk of the one or more risks;
  
  automatically initiating a response from the fourth data set on determining that a risk has occurred for an impacted information resource of the one or more computer-supported information resources; and
  
  scoring the response based, at least in part, on a recovery time objective, and a recovery point objective associated with the response when the response occurs, where the recovery point objective is a version of the impacted information resource that is to be recreated, where the recovery time objective is a first point in time when the impacted electronic information resource is to be available after the risk occurs, and where the time objective includes a confidence factor that describes the likelihood of attaining recovery by the first point in time.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The machine-readable medium of claim 17, where the method includes maintaining the first set of data, the second set of data, the third set of data, or the fourth set of data.
  - 19. The machine-readable medium of claim 17, where the method includes planning a business continuity test, conducting a business continuity test, or scoring the result of a business continuity test.
  - 20. The machine-readable medium of claim 17, controlling a security process based on the one or more security criteria that are based, at least in part, on analyzing the first set of data in light of the second, third, and fourth sets of data, or analyzing the third set of data in light of the fourth set of data,where the security process determines whether a compliance certification is to be issued for a system in which one or more of the information resources appear, whether an automated response to a risk is to be initiated, whether a security measure associated with an information resource is to be altered, whether a potential loss associated with an information resource is to be insured against, or a compensation determination for security management personnel.
  - 21. The machine-readable medium of claim 17, where the information resources associated with the first data set are associated with a database system and where the processes associated with the first data set are database processes.

22. A non-transitory machine-readable medium having stored thereon machine-executable instructions that when executed by a machine cause the machine to perform a method, the method comprising:
- collecting, organizing, and maintaining data concerning security criteria to which electronic information resources are to be subjected;
  
  collecting, organizing, and maintaining data concerning security risks to which the electronic information resources are susceptible;
  
  generating an automated security management decision based on analysis of data concerning the electronic information resources, the data concerning the security criteria, and the data concerning the security risks, where making an automated security management decision includes making a decision concerning an attainable recovery for one or more of the electronic information resources after one or more of the security risks occurs, where the attainable recovery includes a recovery point objective that indicates a version of the electronic information resource from a set of versions that is to be recreated, a recovery time objective that indicates a first point in time when the electronic information resource is to be available after a risk occurs, and a confidence factor that describes the likelihood of attaining the recovery point objective by the first point in time; and
  
  scoring an automatic response to the security risk when the security risk occurs based, at least in part, on the recovery point objective, the recovery time objective, and the confidence factor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
King, Nigel
Primary Examiner(s)
Lanier, Benjamin
Assistant Examiner(s)
ZECHER, CORDELIA P K

Application Number

US11/879,429
Publication Number

US 20090024627A1
Time in Patent Office

1,743 Days
Field of Search

726/25
US Class Current

726/25
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 21/577 Assessing vulnerabilities a...

Automated security manager

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Automated security manager

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links