Methods and apparatus for rating device security and automatically assessing security compliance
First Claim
1. An Automatic Security Compliance Assessment (ASCA) method, the method comprising the steps of:
- generating, at a control server, a plurality of Settings Objects, wherein each of the plurality of Settings Objects corresponds to a particular Settings Class of a plurality of different Settings Classes for a wireless computing device and is designed to configure a particular subsystem of a plurality of subsystems of the wireless computing device, wherein the plurality of Settings Objects have an expected overall device security rating (ODSR);
generating, at the control server in response to the plurality of Settings Objects, a security interaction template (SIT) corresponding to the plurality of Settings Objects; and
a security test script comprising overall security test cases corresponding to the plurality of Settings Objects and the security interaction template (SIT);
applying at least some of the plurality of Settings Objects to corresponding ones of the plurality of subsystems at the wireless computing device to configure the corresponding ones of the plurality of subsystems;
sending a request to the subsystems for actual Settings Objects currently applied to the subsystems, and determining if the subsystems are configured as specified by the plurality of Settings Objects by comparing actual Settings Objects currently applied to the subsystems to the plurality of Settings Objects;
when the subsystems are determined to be configured as specified by the plurality of Settings Objects, determining an Actual ODSR for the wireless computing device based on the SIT and the actual Settings Objects currently applied to the subsystems;
determining, based on the actual Settings Objects currently applied to the subsystems, relevant ones of the overall security test cases that are to be executed, and executing the relevant ones of the overall security test cases on the subsystems to compute a verified ODSR for the wireless computing device;
generating a security assessment results record, comprising;
the Actual ODSR, the verified ODSR, an indication of when the assessment took place, and an indication for each of the subsystems of whether that particular subsystem passed corresponding ones of the overall security test cases that were executed with respect to that particular subsystem; and
storing the security assessment results record in a security assessment log.
4 Assignments
0 Petitions
Accused Products
Abstract
Automatic Security Compliance Assessment (ASCA) systems and methods are provided. The disclosed systems and methods can automatically determine whether all of the devices in an enterprise network comply with security policies or standards, and can automatically take remedial or corrective action to bring those devices into compliance with security policies or standards if they are determined not to be in compliance. The disclosed systems and methods can automatically ensure that all of the devices in an enterprise network remain in compliance with the security policies or standards, and automatically create records that establish whether each of the devices are in compliance and regularly update those records over time so that the enterprise can quickly and easily provide evidence of compliance and/or corrective actions taken to bring devices into compliance if required to do so.
-
Citations
21 Claims
-
1. An Automatic Security Compliance Assessment (ASCA) method, the method comprising the steps of:
-
generating, at a control server, a plurality of Settings Objects, wherein each of the plurality of Settings Objects corresponds to a particular Settings Class of a plurality of different Settings Classes for a wireless computing device and is designed to configure a particular subsystem of a plurality of subsystems of the wireless computing device, wherein the plurality of Settings Objects have an expected overall device security rating (ODSR); generating, at the control server in response to the plurality of Settings Objects, a security interaction template (SIT) corresponding to the plurality of Settings Objects; and
a security test script comprising overall security test cases corresponding to the plurality of Settings Objects and the security interaction template (SIT);applying at least some of the plurality of Settings Objects to corresponding ones of the plurality of subsystems at the wireless computing device to configure the corresponding ones of the plurality of subsystems; sending a request to the subsystems for actual Settings Objects currently applied to the subsystems, and determining if the subsystems are configured as specified by the plurality of Settings Objects by comparing actual Settings Objects currently applied to the subsystems to the plurality of Settings Objects; when the subsystems are determined to be configured as specified by the plurality of Settings Objects, determining an Actual ODSR for the wireless computing device based on the SIT and the actual Settings Objects currently applied to the subsystems; determining, based on the actual Settings Objects currently applied to the subsystems, relevant ones of the overall security test cases that are to be executed, and executing the relevant ones of the overall security test cases on the subsystems to compute a verified ODSR for the wireless computing device; generating a security assessment results record, comprising;
the Actual ODSR, the verified ODSR, an indication of when the assessment took place, and an indication for each of the subsystems of whether that particular subsystem passed corresponding ones of the overall security test cases that were executed with respect to that particular subsystem; andstoring the security assessment results record in a security assessment log. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20, 21)
-
-
10. An Automatic Security Compliance Assessment (ASCA) system, comprising:
-
a computer; a wireless computing device comprising a plurality of subsystems, wherein each particular subsystem is configurable by applying a Settings Object corresponding to that particular subsystem; and a control server communicatively coupled to the computer and the wireless computing device, the control server being designed to generate, in response to Values input at the computer for a plurality of Configurable Attributes of the wireless computing device; a plurality of Settings Objects each corresponding to a particular Settings Class of a plurality of different Settings Classes for the wireless computing device, wherein the plurality of Settings Objects have an expected overall device security rating (ODSR); a security interaction template (SIT) corresponding to the plurality of Settings Objects; and a security test script comprising overall security test cases corresponding to the plurality of Settings Objects and the security interaction template (SIT); wherein the wireless computing device further comprises; a Settings Objects application module designed to;
receive the plurality of Settings Objects from the control server, and apply at least some of the plurality of Settings Objects to corresponding ones of the plurality of subsystems to configure the corresponding ones of the plurality of subsystems;a Settings Objects verification module designed to;
receive the plurality of Settings Objects from the control server;
send a request to the subsystems for actual Settings Objects currently applied to the subsystems;
compare the actual Settings Objects currently applied to the subsystems to the plurality of Settings Objects to determine if the subsystems are configured as specified by the plurality of Settings Objects; and
generate a begin security assessment command when the subsystems are determined to be configured as specified by the plurality of Settings Objects; andan automated security assessment module designed to;
determine, in response to the begin security assessment command, an Actual ODSR for the wireless computing device based on the SIT and the actual Settings Objects currently applied to the subsystems; and
determine, based on the actual Settings Objects currently applied to the subsystems, relevant ones of the overall security test cases that are to be executed, and execute the relevant ones of the overall security test cases on the subsystems to compute a verified ODSR for the wireless computing device, wherein the automated security assessment module is further designed to generate a security assessment results record, comprising;
the Actual ODSR, the verified ODSR, an indication of when the assessment took place, and an indication for each of the subsystems of whether that particular subsystem passed corresponding ones of the overall security test cases that were executed with respect to that particular subsystem. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
Specification