Security control verification and monitoring subsystem for use in a computer information database system
First Claim
1. A security control verification and monitoring subsystem for use with a managed computer system, the security control verification and monitoring subsystem including:
- A. a security control manager for assigning respective security risk categories to groups of computers, consisting of two or more computers, for all computers in the managed computer system; associating benchmark security levels with the risk categories for respective groups of computers; and directing a computer within a given group as to the benchmark security level the computer should use for security compliance testing;
- B. client profilers associated with respective computers in a group of computers, the client profilers periodically uploading the computer profile data to an associated computer information database; and
- C. a security verifier associated with a given computer in a given group for retrieving benchmark definition files that correspond to the benchmark security level specified by the security control manager and selected attributes of the computer that are based upon the computer profile data of the computers that are contained within the database, the security verifier automatically changing which benchmark definition files are retrieved to correspond to changes in the selected attributes of the computer without user modification of benchmark tests and settings per computer; performing a security verification operation using the retrieved benchmark definition files periodically; and reporting the results of the security control verification operation to the security control manager.
1 Assignment
0 Petitions
Abstract
A security control verification and monitoring subsystem of a managed computer system performs security control verification operations regularly and for each security control verification operation determines the applicable security benchmark level for use by a given computer. The subsystem assigns security risk categories to groups of computers based, for example, on overall system or group administrator supplied potential impact settings and/or system type and business or information type selections. The subsystem further associates the security risk categories with security benchmark levels based on mapping information supplied by the overall system or group administrator. The subsystem then directs the computer to benchmark definition files based on the assigned security risk category, the associated security benchmark level and attributes of the computer. The subsystem performs the security control verification operations whenever the computer performs computer profile data update operations, and thus, monitors essentially continuously the security control compliance of the computer. The subsystem stores the results of the security verification operations and includes the results in reports for the system, group or computer.
15 Citations
23 Claims
- 1. A security control verification and monitoring subsystem for use with a managed computer system, the security control verification and monitoring subsystem including: A. a security control manager for assigning respective security risk categories to groups of computers, consisting of two or more computers, for all computers in the managed computer system, associating benchmark security levels with the risk categories for respective groups of computers; directing a computer within a given group as to the benchmark security level the computer should use for security compliance testing; B. client profilers associated with respective computers in a group of computers, the client profilers periodically uploading the computer profile data to an associated computer information database, and C. a security verifier associated with a given computer in a given group for retrieving benchmark definition files that correspond to the benchmark security level specified by the security control manager and selected attributes of the computer that are based upon the computer profile data of the computers that are contained within the database, the security verifier automatically changing which benchmark definition files are retrieved to correspond to changes in the selected attributes of the computer without user modification of benchmark tests and settings per computer; performing a security verification operation using the retrieved benchmark definition files periodically, and reporting the results of the security control verification operation to the security control manager. (Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 23)
- 11. A method for monitoring security control verification in a managed computer system, the method including: assigning security risk categories to groups of computers, groups being two or more computers; for the respective groups, mapping benchmark security levels to the risk categories; associating a given computer with the benchmark security level associated with the group to which the computer belongs, an administrator overriding the mapping of the respective security risk category for a group, a subset of a group or a respective computer with a new mapping; associating a given computer with a client profiler that is configured to periodically upload computer profile data about the computer to an associated database; selecting benchmark definition files that correspond to the associated benchmark security level and selected attributes of the given computer, the attributes being selected information of the computer based upon said computer profile data of the computer; automatically changing which benchmark security definition files are retrieved to correspond to changes in the selected attributes of a computer without user modification of benchmark tests and settings of the computer; comparing the security control settings of the given computer with the settings of the selected benchmark; continuously monitoring the security control verification system and implementing changes in the security risk categories and benchmark definition files, based upon the new mapping, including associating a given computer with the benchmark security level associated with the group to which the computer belongs, automatically changing which benchmark definition files are retrieved to correspond to changes in selected attributes of a computer, and comparing the security control settings of the given computer with the settings of the selected benchmark as part of periodic computer profile updating operations; and reporting the results of the comparisons, the computer profile data being included in the reports. (Dependent claims: 12, 13, 14, 15, 16)
- 17. A security control manager for controlling security verification operations in a managed computer system, the security control manager including: one or more processors configured to assign security risk categories to respective groups of computers, groups being two or more computers, and for the respective groups associating the risk categories with benchmark security levels; the one or more processors further configured to select the benchmark security level for use by a given computer based on the security risk category assigned to the group of which the computer is a member and the benchmark security level associated with the assigned risk category for the group; the one or more processors further configured to communicate with an associated database that is periodically updated by the uploading of computer profile data by client profilers; the one or more processors further configured to monitor the security control verification system and implement changes in the security risk categories and benchmark definition files; the one or more processors further configured to provide one or more interfaces through which an overall system administrator or a group administrator selects a mapping of security risk categories to benchmark security levels for one or both of respective groups and respective computers within a given group; the one or more processors further configured to provide one or more interfaces through which an administrator overrides said respective security risk categories and said benchmark security level settings for a group of computers, a subset of a group of computers, and an individual computer; and the one or more processors further configured to automatically apply the mapping to those computers without user modification of benchmark tests and settings per computer. (Dependent claims: 18, 19, 20, 21, 22)
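The following is an added illustration, not code from the patent, of the flow the claims describe: an administrator-supplied mapping from group risk category to benchmark level (with per-computer overrides), benchmark definition files selected from that level plus profile-derived attributes, and a control comparison run on every profile upload. The benchmark contents, group names, hosts and settings are constructed sample data; the real subsystem's file formats and control names are not given on this page.

```python
from dataclasses import dataclass, field

# Constructed sample benchmark definition files: file name -> expected control settings.
BENCHMARKS = {
    "linux_level1.xml": {"firewall": "on", "ssh_root_login": "no"},
    "linux_level2.xml": {"firewall": "on", "ssh_root_login": "no", "audit": "on"},
    "web_server_level2.xml": {"tls_min": "1.2"},
}


@dataclass
class SecurityControlManager:
    """Holds group -> risk category, risk category -> benchmark level, and host overrides."""
    group_risk: dict  # group name -> risk category, e.g. {"finance": "moderate"}
    level_map: dict = field(
        default_factory=lambda: {"low": "level1", "moderate": "level2", "high": "level3"}
    )
    overrides: dict = field(default_factory=dict)  # host -> benchmark level set by an admin

    def benchmark_level(self, host, group):
        """Level a host must test against: an explicit override wins over the group mapping."""
        return self.overrides.get(host) or self.level_map[self.group_risk[group]]


def select_benchmark_files(level, profile):
    """Derive benchmark file names from the level plus profile attributes (OS and roles).

    Because the names come from the uploaded profile, a change in attributes changes the
    selected files with no per-computer editing of benchmark tests or settings.
    """
    files = [f"{profile['os']}_{level}.xml"]
    files += [f"{role}_{level}.xml" for role in sorted(profile.get("roles", []))]
    return [f for f in files if f in BENCHMARKS]


def verify(profile, files):
    """Compare the host's reported control settings with every selected benchmark."""
    results = {}
    for name in files:
        for control, expected in BENCHMARKS[name].items():
            actual = profile["settings"].get(control)
            results[control] = "pass" if actual == expected else "fail"
    return results


def profile_update(manager, host, group, profile):
    """One verification cycle, triggered by a client profiler upload as the abstract describes."""
    level = manager.benchmark_level(host, group)
    files = select_benchmark_files(level, profile)
    return {"level": level, "files": files, "results": verify(profile, files)}
```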
Specification