Managing and monitoring continuous improvement in detection of compliance violations

US 8,812,342 B2
Filed: 06/15/2010
Issued: 08/19/2014
Est. Priority Date: 06/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computer for auditing a distributed computing environment in which a plurality of user entities has identity accounts which allow access to protected resources in the environment, comprising:

by a processing unit in the computer, collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;

determining a risk factor for the identity account based on the collected data;

calculating a risk score of the identity account based on the determined risk factor; and

auditing the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency that is determined according to the risk score calculated for the identity account, wherein each of the plurality of identify accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer implemented method, data processing system, and computer program product is provided for using compliance violation risk data about an entity to enable an identity management system to dynamically adjust the frequency in which the identity management system performs a reconciliation and compliance check of an identity account associated with the entity. Data associated with an identity account is collected, wherein the data comprises at least one of compliance data, prior compliance violations, or personal data about an entity associated with the identity account. One or more risk factors for the identity account based on the collected data are determined. A risk score of the identity account is calculated based on the determined risk factors. The identity account is then audited with a frequency according to the risk score assigned to the identity account.

Citations

25 Claims

1. A method performed by a computer for auditing a distributed computing environment in which a plurality of user entities has identity accounts which allow access to protected resources in the environment, comprising:
- by a processing unit in the computer, collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;
  
  determining a risk factor for the identity account based on the collected data;
  
  calculating a risk score of the identity account based on the determined risk factor; and
  
  auditing the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency that is determined according to the risk score calculated for the identity account, wherein each of the plurality of identify accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - re-determining the risk factor at pre-defined time intervals;
      
      assigning a new risk score to the identity account based on the re-determined risk factor; and
      
      adjusting the frequency in which the identity account is audited according to the new risk score assigned to the identity account.
  - 3. The method of claim 1, wherein the data comprises compliance data associated with at least one activity performed by a user entity associated with the identity account and personal data about the user entity associated with the identity account.
  - 4. The method of claim 1, wherein the compliance data comprises event data in W7 format, wherein the event data specifies the user entity that initiated an event, a type of action the event represents, when the event occurred, what object was affected by the event, where the event originated, and a system targeted by the event.
  - 5. The method of claim 1, wherein the prior compliance violation data comprises dates on which violations of the policy are detected and a description of the violations.
  - 6. The method of claim 1, wherein determining a risk factor for an identity account further comprises:
    - defining a set of risk profiles comprising risk criteria, data values, and risk factors associated with the data values, wherein the risk criteria specifies risk attributes that are to be monitored for the identify account, the data values are values collected for the identity account from various external sources based on the risk criteria, and the risk factors are risk values assigned to each data value of the data values;
      
      defining a risk score heuristic for calculating the risk score for a plurality of identity accounts, wherein the risk score heuristic comprises mathematical operators for combining the risk factors determined for each risk profile of the set of risk profiles to calculate the risk score for each of the identity accounts; and
      
      defining a reconciliation schedule for performing the auditing of the identity accounts based on the risk score that is calculated for each of the identity accounts.
  - 7. The method of claim 1, wherein determining a risk factor for the identity account further comprises:
    - applying risk criteria in a set of defined risk profiles to the collected data to determine the risk factors applicable to the identity account, wherein the risk criteria specifies risk attributes that are to be monitored for the identify account.
  - 8. The method of claim 1, wherein calculating the risk score of the identity account comprises using a risk score heuristic comprising mathematical operators for combining the risk factors determined for each risk profile to calculate the risk score of the identity account.
  - 9. The method of claim 1, wherein auditing the identity account for compliance to the policy further comprises:
    - locating the risk score in a reconciliation schedule; and
      
      auditing the identity account with the frequency associated with the risk score in the reconciliation schedule.
  - 10. The method of claim 7, wherein a given risk profile in the set of risk profiles comprises the risk criteria, at least one data value, and a risk factor associated with each of the at least one data value, wherein the risk criteria specifies risk attributes that are to be monitored for the identify account, the data values are values collected for the identity account from various external sources based on the risk criteria, and the risk factors are risk values assigned to each data value of the data values.
  - 11. The method of claim 1, wherein the auditing step comprises a compliance check that verifies that the identity accounts contain restrictions and permissions defined in the policy and verifies that the identity accounts match to appropriate end-users.
  - 12. The method of claim 1, wherein the step of collecting the data is performed at a first frequency and the step of auditing the identity account is performed at a second frequency that is different from the first frequency.

13. A data processing system for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
- a bus;
  
  a storage device connected to the bus, wherein the storage device contains computer usable code; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code to collect data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;
  
  determine a risk factor for the identity account based on the collected data;
  
  calculate a risk score of the identity account based on the determined risk factor; and
  
  audit the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency according to the risk score calculated for the identity account, wherein each of the plurality of identify accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.
- View Dependent Claims (14, 15)
- - 14. The data processing system of claim 13, wherein the program code to audit the identity account comprises program code to perform a compliance check that verifies that the identity accounts contain restrictions and permissions defined in the policy and verifies that the identity accounts match to appropriate end-users.
  - 15. The data processing system of claim 13, wherein the data is collected at a first frequency and the identity account is audited at a second frequency that is different from the first frequency.

16. A computer program product for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
- a tangible computer readable storage device having computer readable program code stored thereon, the computer readable program code for execution by a computer, comprising;
  
  computer readable program code for collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;
  
  computer readable program code for determining a risk factor for the identity account based on the collected data;
  
  computer readable program code for calculating a risk score of the identity account based on the determined risk factor; and
  
  computer readable program code for auditing the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency according to the risk score calculated for the identity account, wherein each of the plurality of identify accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The computer program product of claim 16, further comprising:
    - computer readable program code for re-determining the risk factor at pre-defined time intervals;
      
      computer readable program code for assigning a new risk score to the identity account based on the re-determined risk factor; and
      
      computer readable program code for adjusting the frequency in which the identity account is audited according to the new risk score assigned to the identity account.
  - 18. The computer program product of claim 16, wherein the compliance data comprises event data in W7 format, wherein the event data specifies the user entity that initiated an event, a type of action the event represents, when the event occurred, what object was affected by the event, where the event originated, and a system targeted by the event.
  - 19. The computer program product of claim 16, wherein the computer readable program code for determining a risk factor for an identity account further comprises:
    - computer readable program code for defining a set of risk profiles comprising risk criteria, data values, and risk factors associated with the data values, wherein the risk criteria specifies risk attributes that are to be monitored for the identify account, the data values are values collected for the identity account from various external sources based on the risk criteria, and the risk factors are risk values assigned to each data value of the data values;
      
      computer readable program code for defining a risk score heuristic for calculating the risk score for a plurality of identity accounts, wherein the risk score heuristic comprises mathematical operators for combining the risk factors determined for each risk profile of the set of risk profiles to calculate the risk score for each of the identity accounts; and
      
      computer readable program code for defining a reconciliation schedule for performing the auditing of the identity accounts based on the risk score that is calculated for each of the identity accounts.
  - 20. The computer program product of claim 16, wherein the computer readable program code for determining a risk factor for the identity account further comprises computer readable program code for applying risk criteria in a set of defined risk profiles to the collected data to determine the risk factors applicable to the identity account, wherein the risk criteria specifies risk attributes that are to be monitored for the identify account, wherein the computer readable program code for calculating the risk score of the identity account further comprises computer readable program code for using a risk score heuristic comprising mathematical operators for combining the risk factors determined for each risk profile to calculate the risk score of the identity account, and wherein the computer readable program code for auditing the identity account for compliance to the policy further comprises computer readable program code for locating the risk score in a reconciliation schedule and auditing the identity account with the frequency associated with the risk score in the reconciliation schedule.
  - 21. The computer program product of claim 16, wherein the computer readable program code is stored in a computer readable storage medium in a data processing system, and wherein the computer readable program code is downloaded over a network from a remote data processing system.
  - 22. The computer program product of claim 16, wherein the computer readable program code is stored in a computer readable storage medium in a server data processing system, and wherein the computer readable program code is downloaded over a network from a remote data processing system for use in a computer readable storage medium with the remote system.
  - 23. The computer program product of claim 16, wherein the computer readable program code for auditing the identity account comprises:
    - computer readable program code to perform a compliance check that verifies that the identity accounts contain restrictions and permissions defined in the policy and verifies that the identity accounts match to appropriate end-users.
  - 24. The computer program product of claim 16, wherein the data is collected at a first frequency and the identity account is audited at a second frequency that is different from the first frequency.

25. A computer program product for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
- a tangible computer readable storage device having computer readable program code stored thereon, the computer readable program code for execution by a computer, comprising;
  
  computer readable program code for collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data, or prior compliance violation data;
  
  computer readable program code for determining a risk factor for the identity account based on the collected data;
  
  computer readable program code for calculating a risk score of the identity account based on the determined risk factor; and
  
  computer readable program code for auditing the identity account for compliance to a policy, wherein the identity account is audited with a frequency according to the risk score calculated for the identity account, wherein the personal data includes human resources data or social media data, wherein the social media data comprises connections or links to other entities with known prior compliance violations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Barcelo, Fernando, Doll, Dennis R., Hassoun, Bassam H., Matthiesen, Brian R., Weise, Jedd, Young, John B.
Primary Examiner(s)
Koneru, Sujay

Application Number

US12/815,948
Publication Number

US 20110307957A1
Time in Patent Office

1,526 Days
Field of Search

705 711- 742
US Class Current

705/7.28
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06Q 10/0635   Risk analysis of enterprise...

H04L 63/102   Entity profiles

H04W 12/67   Risk-dependent, e.g. select...

Managing and monitoring continuous improvement in detection of compliance violations

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Managing and monitoring continuous improvement in detection of compliance violations

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links