Method and apparatus for creating an information security policy based on a pre-configured template

US 8,225,371 B2
Filed: 07/15/2004
Issued: 07/17/2012
Est. Priority Date: 09/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a computer system, one of a plurality of policy templates, wherein each of the plurality of policy templates includes information for creation of one or more policies for preventing use-restricted content from being sent over a network and a plurality of rules specifying conditions that trigger a policy violation;

identifying, by the computer system, source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and

automatically creating, by the computer system, a first policy based on the identified policy template and the source data, wherein creating the first policy comprises comparing sets of columns specified in the plurality of rules of the policy template to columns of the source data, wherein the first policy is used for preventing presence of the plurality of data elements in a message sent by a user over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data, the first policy triggering an action involving the message upon detecting, in the message being sent by the user, information matching the plurality of data elements having the use-restricted content from the tabular structure of the identified source data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for creating a policy based on a pre-configured template is described. In one embodiment, source data having a tabular structure is identified. Further, one of multiple policy templates is used to automatically create a policy for detecting information from any one or more rows within the tabular structure of the source data.

158 Citations

35 Claims

1. A method comprising:
- identifying, by a computer system, one of a plurality of policy templates, wherein each of the plurality of policy templates includes information for creation of one or more policies for preventing use-restricted content from being sent over a network and a plurality of rules specifying conditions that trigger a policy violation;
  
  identifying, by the computer system, source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and
  
  automatically creating, by the computer system, a first policy based on the identified policy template and the source data, wherein creating the first policy comprises comparing sets of columns specified in the plurality of rules of the policy template to columns of the source data, wherein the first policy is used for preventing presence of the plurality of data elements in a message sent by a user over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data, the first policy triggering an action involving the message upon detecting, in the message being sent by the user, information matching the plurality of data elements having the use-restricted content from the tabular structure of the identified source data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1 further comprising:
    - receiving data identifying user selection of the one of the plurality of policy templates.
  - 3. The method of claim 1 further comprising:
    - receiving data identifying user selection of the source data having the tabular structure.
  - 4. The method of claim 1 wherein each of the plurality of policy templates is defined based on a corresponding regulation and independently of the source data.
  - 5. The method of claim 1 wherein:
    - one of the plurality of rules specifies a set of inclusion columns from the source data having a tabular structure; and
      
      the policy is created to detect in one or more messages information from the set of inclusion columns within any single row of the tabular structure.
  - 6. The method of claim 1 wherein:
    - one of the plurality of rules specifies one or more exclusion columns from the source data having a tabular structure; and
      
      the policy is created to detect in one or more messages information from any single row of the tabular structure, the detected information excluding data from the one or more exclusion columns.
  - 7. The method of claim 5 wherein:
    - one of the plurality of rules further specifies a minimum number of inclusion columns from the set; and
      
      the policy is created to detect in one or more messages information from at least the minimum number of inclusion columns within any single row of the tabular structure.
  - 8. The method of claim 7 wherein using one of the plurality of policy templates to automatically create the policy comprises:
    - comparing the set of inclusion columns specified in the one of the plurality of rules with columns of the tabular structure of the source data;
      
      determining that at least one column from the set is missing from the tabular structure of the source; and
      
      removing the at least one missing column from the set specified in the one of the plurality of rules.
  - 9. The method of claim 8 further comprising:
    - determining that all columns are removed from the set specified in the one of the plurality of rules; and
      
      removing the one of the plurality of rules from the policy.
  - 10. The method of claim 8 further comprising:
    - determining that a number of columns remained in the set is less than the minimum number of inclusion columns that is specified in the one of the plurality of rules; and
      
      removing the one of the plurality of rules from the policy.
  - 11. The method of claim 8 further comprising:
    - determining that a number of columns remained in the set is less than the minimum number of inclusion columns that is specified in the one of the plurality of rules; and
      
      updating the minimum number of inclusion columns that is specified in the one of the plurality of rules with the number of columns remained in the set.
  - 12. The method of claim 5 wherein:
    - the one of the plurality of rules further specifies a minimum number of rows; and
      
      the policy is created to detect in one or more messages data from the set of inclusion columns within at least the minimum number of rows of the tabular structure.
  - 13. The method of claim 1 wherein:
    - one of the plurality of rules specifies an expression pattern; and
      
      the policy is created to detect the expression pattern in one or more messages.
  - 14. The method of claim 1 wherein:
    - one of the plurality of rules specifies one or more keywords; and
      
      the policy is created to detect in one or more messages the one or more keywords.
  - 15. The method of claim 1 wherein:
    - one of the plurality of rules specifies an attachment type; and
      
      the policy is created to detect one or more messages containing attachments of the attachment type.
  - 16. The method of claim 1 wherein:
    - one of the plurality of rules specifies an attachment size; and
      
      the policy is created to detect one or more messages containing attachments with size exceeding the attachment size.
  - 17. The method of claim 1 wherein:
    - one of the plurality of rules specifies sender identifying information; and
      
      the policy is created to detect one or more messages with senders matching the sender identifying information.
  - 18. The method of claim 1 wherein:
    - one of the plurality of rules specifies recipient identifying information; and
      
      the policy is created to detect one or more messages with recipients matching the recipient identifying information.
  - 19. The method of claim 1 further comprising:
    - maintaining the plurality of policy templates in a data store;
      
      receiving a new version of one of the plurality of templates over a network; and
      
      replacing the one of the plurality of templates with the new version.
  - 20. The method of claim 1 wherein the source data includes content of a plurality of sources, content of each of the plurality of sources having a tabular structure.

21. A system comprising:
- a memory hosting a template data store to store a plurality of policy templates, wherein each of the plurality of policy templates includes information for creation of one or more policies for preventing use-restricted content from being sent over a network and a plurality of rules specifying conditions that trigger a policy violation; and
  
  a processor coupled to the memory, to cause a policy specifier to identify source data having a tabular structure, the source data including the use-restricted content, and to automatically create a first policy based on the identified policy template and the source data, wherein creating the first policy comprises comparing sets of columns specified in the plurality of rules of the policy template to columns of the source data, wherein the first policy is used for preventing presence of the plurality of data elements in a message sent by a user over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data, the first policy triggering an action involving the message upon detecting, in the message being sent by the user, information matching the plurality of data elements having the use-restricted content from the tabular structure of the identified source data.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 22. The system of claim 21 further comprising:
    - a user interface to receive data identifying user selection of the one of the plurality of policy templates.
  - 23. The system of claim 21 further comprising:
    - a user interface to receive data identifying user selection of the source data having the tabular structure.
  - 24. The system of claim 21 wherein each of the plurality of policy templates is defined based on a corresponding regulation and independently of the source data.
  - 25. The system of claim 21 wherein:
    - one of the plurality of rules specifies a set of inclusion columns from the source data having a tabular structure; and
      
      the policy is created to detect in one or more messages information from the set of inclusion columns within any single row of the tabular structure.
  - 26. The system of claim 21 wherein:
    - one of the plurality of rules specifies one or more exclusion columns from the source data having a tabular structure; and
      
      the policy is created to detect in one or more messages information from any single row of the tabular structure, the detected information excluding data from the one or more exclusion columns.
  - 27. The system of claim 25 wherein:
    - the one of the plurality of rules further specifies a minimum number of inclusion columns from the set; and
      
      the policy is created to detect in one or more messages information from at least the minimum number of inclusion columns within any single row of the tabular structure.
  - 28. The system of claim 27 wherein the policy specifier is to create the policy by comparing the set of inclusion columns specified in the one of the plurality of rules with columns of the tabular structure of the source data, determining that at least one column from the set is missing from the tabular structure of the source, and removing the at least one missing column from the set specified in the one of the plurality of rules.
  - 29. The system of claim 28 wherein the policy specifier is further to determine that all columns are removed from the set specified in the one of the plurality of rules, and to remove the one of the plurality of rules from the policy.
  - 30. The system of claim 28 wherein the policy specifier is further to determine that a number of columns remained in the set is less than the minimum number of inclusion columns that is specified in the one of the plurality of rules, and to remove the one of the plurality of rules from the policy.
  - 31. The system of claim 28 wherein the policy specifier is further to determine that a number of columns remained in the set is less than the minimum number of inclusion columns that is specified in the one of the plurality of rules, and to update the minimum number of inclusion columns that is specified in the one of the plurality of rules with the number of columns remained in the set.
  - 32. The system of claim 25 wherein:
    - the one of the plurality of rules further specifies a minimum number of rows; and
      
      the policy is created to detect in one or more messages data from the set of inclusion columns within at least the minimum number of rows of the tabular structure.
  - 33. The system of claim 21 wherein the policy specifier is further to receive a new version of one of the plurality of templates over a network, and to replace the one of the plurality of templates with the new version.
  - 34. The system of claim 21 wherein the source data includes content of a plurality of sources, content of each of the plurality of sources having a tabular structure.

35. A non-transitory computer readable medium that provides instructions, which when executed on a processor causes the processor to perform a method comprising:
- identifying, by a computer system, one of a plurality of policy templates, wherein each of the plurality of policy templates includes information for creation of one or more policies for preventing use-restricted content from being sent over a network and a plurality of rules specifying conditions that trigger a policy violation;
  
  identifying, by the computer system, source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and
  
  automatically creating, by the computer system, a first policy based on the identified policy template and the source data, wherein creating the first policy comprises comparing sets of columns specified in the plurality of rules of the policy template to columns of the source data, wherein the first policy is used for preventing presence of the plurality of data elements in a message sent by a user over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data, the first policy triggering an action involving the message upon detecting, in the message being sent by the user, information matching the plurality of data elements having the use-restricted content from the tabular structure of the identified source data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Jones, Chris, Bothwell, Eric, Rowney, Kevin T.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US10/892,615
Publication Number

US 20050086252A1
Time in Patent Office

2,924 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 16/334   Query execution G06F16/335 ...

G06Q 10/107   Computer-aided management o...

Y10S 707/99943   Generating database or data...

Method and apparatus for creating an information security policy based on a pre-configured template

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for creating an information security policy based on a pre-configured template

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links