Managing and monitoring continuous improvement in detection of compliance violations
Abstract
A computer-implemented method, data processing system, and computer program product are provided for using compliance violation risk data about an entity to enable an identity management system to dynamically adjust the frequency at which it performs a reconciliation and compliance check of an identity account associated with the entity. Data associated with an identity account is collected, wherein the data comprises at least one of compliance data, prior compliance violations, or personal data about an entity associated with the identity account. One or more risk factors for the identity account are determined based on the collected data. A risk score of the identity account is calculated based on the determined risk factors. The identity account is then audited with a frequency according to the risk score assigned to the identity account.
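The risk-driven audit schedule the abstract describes, as an added Python example that is not code from the patent. The weights, the 1 to 90 day interval bounds, the linear score-to-interval mapping, the `privileged` flag and the `drift` input are all assumptions, since the page defines no formula.

```python
import heapq
from dataclasses import dataclass

# Assumed weights and bounds: the page defines no formula, only that the
# audit frequency follows the account's risk score.
WEIGHTS = {"prior_violations": 25, "open_findings": 10, "privileged": 20}
MIN_DAYS, MAX_DAYS = 1, 90

@dataclass
class Account:
    name: str
    prior_violations: int = 0   # prior compliance violation data
    open_findings: int = 0      # current compliance data
    privileged: bool = False    # stand-in for personal/HR data (assumption)

def risk_score(a: Account) -> int:
    """Weighted sum of the risk factors, capped to the range 0..100."""
    raw = (WEIGHTS["prior_violations"] * a.prior_violations
           + WEIGHTS["open_findings"] * a.open_findings
           + WEIGHTS["privileged"] * int(a.privileged))
    return min(100, raw)

def audit_interval_days(score: int) -> int:
    """Linear map: score 0 -> MAX_DAYS, score 100 -> MIN_DAYS."""
    return MAX_DAYS - (MAX_DAYS - MIN_DAYS) * score // 100

def simulate(accounts, drift, horizon_days):
    """Run the audit schedule. `drift` maps an account name to the day it
    went out of policy; the first audit on or after that day records a
    violation, which raises the score and shortens the next interval.
    Account objects are updated in place."""
    by_name = {a.name: a for a in accounts}
    pending = dict(drift)
    queue = [(audit_interval_days(risk_score(a)), a.name) for a in accounts]
    heapq.heapify(queue)
    log = []
    while queue and queue[0][0] <= horizon_days:
        day, name = heapq.heappop(queue)
        acct = by_name[name]
        found = name in pending and pending[name] <= day
        if found:
            acct.prior_violations += 1
            del pending[name]
        log.append((day, name, found))
        heapq.heappush(queue, (day + audit_interval_days(risk_score(acct)), name))
    return log

if __name__ == "__main__":
    # Constructed sample accounts, not data from the page.
    accts = [Account("alice"), Account("bob", 1, 1, True)]
    for entry in simulate(accts, {"alice": 10}, 180):
        print(entry)
```

In the sample run the low-risk account is first audited on day 90; the violation found there shortens its next interval from 90 to 68 days, which is the dynamic frequency adjustment the abstract refers to.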
25 Claims
1. A method performed by a computer for auditing a distributed computing environment in which a plurality of user entities has identity accounts which allow access to protected resources in the environment, comprising:
by a processing unit in the computer, collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;
determining a risk factor for the identity account based on the collected data;
calculating a risk score of the identity account based on the determined risk factor; and
auditing the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency that is determined according to the risk score calculated for the identity account, wherein each of the plurality of identity accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.
13. A data processing system for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
a bus;
a storage device connected to the bus, wherein the storage device contains computer usable code; and
a processing unit connected to the bus, wherein the processing unit executes the computer usable code to collect data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;
determine a risk factor for the identity account based on the collected data;
calculate a risk score of the identity account based on the determined risk factor; and
audit the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency according to the risk score calculated for the identity account, wherein each of the plurality of identity accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.
16. A computer program product for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
a tangible computer readable storage device having computer readable program code stored thereon, the computer readable program code for execution by a computer, comprising:
computer readable program code for collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data associated with at least one activity performed by a user entity associated with the identity account, or prior compliance violation data associated with the at least one activity performed by the user entity associated with the identity account;
computer readable program code for determining a risk factor for the identity account based on the collected data;
computer readable program code for calculating a risk score of the identity account based on the determined risk factor; and
computer readable program code for auditing the identity account for compliance to a policy, wherein the identity account is audited with a respective frequency according to the risk score calculated for the identity account, wherein each of the plurality of identity accounts are audited at a respective frequency according to their own respective risk score calculated for their own respective identity account, wherein the personal data includes social media data that comprise connections or links to other entities with known prior compliance violations.
25. A computer program product for auditing a distributed computing environment in which a plurality of entities has identity accounts which allow access to protected resources in the environment, comprising:
a tangible computer readable storage device having computer readable program code stored thereon, the computer readable program code for execution by a computer, comprising:
computer readable program code for collecting data associated with an identity account in a plurality of identity accounts, wherein the data comprises personal data about an entity associated with the identity account and at least one of compliance data, or prior compliance violation data;
computer readable program code for determining a risk factor for the identity account based on the collected data;
computer readable program code for calculating a risk score of the identity account based on the determined risk factor; and
computer readable program code for auditing the identity account for compliance to a policy, wherein the identity account is audited with a frequency according to the risk score calculated for the identity account, wherein the personal data includes human resources data or social media data, wherein the social media data comprises connections or links to other entities with known prior compliance violations.
Specification