Method and apparatus for creating an information security policy based on a pre-configured template

US 8,813,176 B2
Filed: 06/25/2012
Issued: 08/19/2014
Est. Priority Date: 09/18/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

identifying, by a computer system, a policy template that includes information for automated creation of one or more policies for preventing use-restricted content from being sent over a network;

identifying, by the computer system, source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and

automatically creating, by the computer system, a policy and an associated abstract data structure based on the identified policy template and the source data, wherein the abstract data structure does not reveal the plurality of data elements having the use-restricted content, and wherein the policy and the abstract data structure are used for preventing presence of the plurality of data elements in one or more messages sent over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for creating a policy based on a pre-configured template is described. In one embodiment, source data having a tabular structure is identified. Further, one of multiple policy templates is used to automatically create a policy for detecting information from any one or more rows within the tabular structure of the source data.

Citations

22 Claims

1. A method comprising:
- identifying, by a computer system, a policy template that includes information for automated creation of one or more policies for preventing use-restricted content from being sent over a network;
  
  identifying, by the computer system, source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and
  
  automatically creating, by the computer system, a policy and an associated abstract data structure based on the identified policy template and the source data, wherein the abstract data structure does not reveal the plurality of data elements having the use-restricted content, and wherein the policy and the abstract data structure are used for preventing presence of the plurality of data elements in one or more messages sent over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the policy template is one of a plurality of policy templates, each of the plurality of policy templates being defined based on a corresponding regulation and independently of the source data.
  - 3. The method of claim 1, wherein:
    - the policy template further includes a rule specifying a set of inclusion columns from the source data; and
      
      the policy is created to detect in the one or more messages information from the set of inclusion columns within one or more rows of the tabular structure.
  - 4. The method of claim 3, wherein:
    - the rule further specifies a minimum number of rows; and
      
      the policy is created to detect in the one or more messages data from the set of inclusion columns within at least the minimum number of rows of the tabular structure.
  - 5. The method of claim 1, wherein:
    - the policy template further includes a rule specifying one or more exclusion columns from the source data; and
      
      the policy is created to detect in the one or more messages information from one or more rows of the tabular structure, the detected information excluding data from the one or more exclusion columns.
  - 6. The method of claim 1, wherein using the policy template to create the policy comprises;
    - comparing a set of inclusion columns specified in a rule included in the policy template with columns of the tabular structure of the source data;
      
      determining that at least one column from the set is missing from the tabular structure of the source data; and
      
      removing the at least one missing column from the set specified in the rule.
  - 7. The method of claim 6, further comprising:
    - determining that a number of inclusion columns remaining in the set is less than a minimum number of inclusion columns that is specified in the rule; and
      
      performing at least one of;
      
      removing the rule from the policy;
      
      orupdating the minimum number of inclusion columns that is specified in the rule with the number of inclusion columns remaining in the set.
  - 8. The method of claim, 1 wherein:
    - the policy template includes a plurality of rules specifying conditions that trigger a policy violation, one of the plurality of rules specifying at least one of an expression pattern, a keyword, an attachment type, an attachment size, sender identifying information or recipient identifying information; and
      
      the policy is created to detect at least one of the expression pattern, the keyword, the attachment type, the attachment size, the sender identifying information or the recipient identifying information in one or more messages.

9. A system comprising:
- a data store to store a policy template that includes information for automated creation of one or more policies for preventing use-restricted content from being sent over a network;
  
  a memory to store instructions for a policy specifier; and
  
  a processor, coupled to the memory, to execute the instructions for the policy specifier, wherein the processer is configured to;
  
  identify source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and
  
  automatically create a policy and an associated abstract data structure based on the identified policy template and the source data, wherein the abstract data structure does not reveal the plurality of data elements having the use-restricted content, and wherein the policy and the abstract data structure are used for preventing presence of the plurality of data elements in one or more messages sent over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein:
    - the policy template further includes a rule specifying a set of inclusion columns from the source data; and
      
      the policy is created to detect in the one or more messages information from the set of inclusion columns within any single row of the tabular structure.
  - 11. The system of claim 10, wherein:
    - the rule further specifies a minimum number of rows; and
      
      the policy is created to detect in the one or more messages data from the set of inclusion columns within at least the minimum number of rows of the tabular structure.
  - 12. The system of claim 9, wherein:
    - the policy template further includes a rule specifying one or more exclusion columns from the source data; and
      
      the policy is created to detect in the one or more messages information from any single row of the tabular structure, the detected information excluding data from the one or more exclusion columns.
  - 13. The system of claim 9, wherein using the policy template to create the policy comprises:
    - comparing a set of inclusion columns specified in a rule included in the policy template with columns of the tabular structure of the source data;
      
      determining that at least one column from the set is missing from the tabular structure of the source data; and
      
      removing the at least one missing column from the set specified in the rule.
  - 14. The system of claim 13, wherein the processor is further configured to:
    - determine that a number of inclusion columns remaining in the set is less than a minimum number of inclusion columns that is specified in the rule; and
      
      perform at least one of;
      
      removing the rule from the policy;
      
      orupdating the minimum number of inclusion columns that is specified in the rule with the number of inclusion columns remaining in the set.
  - 15. The system of claim 9, wherein:
    - the policy template includes a plurality of rules specifying conditions that trigger a policy violation, one of the plurality of rules specifying at least one of an expression pattern, a keyword, an attachment type, an attachment size, sender identifying information or recipient identifying information; and
      
      the policy is created to detect at least one of the expression pattern, the keyword, the attachment type, the attachment size, the sender identifying information or the recipient identifying information in one or more messages.

16. A non-transitory computer readable medium having instructions that, when executed by a processor, cause the processor to perform a method comprising:
- identifying, by the processor, a policy template that includes information for automated creation of one or more policies for preventing use-restricted content from being sent over a network;
  
  identifying, by the processor, source data having a tabular structure, the source data including a plurality of data elements having the use-restricted content; and
  
  automatically creating, by the processor, a policy and an associated abstract data structure based on the identified policy template and the source data, wherein the abstract data structure does not reveal the plurality of data elements having the use-restricted content wherein the policy and the abstract data structure are used for preventing presence of the plurality of data elements in one or more messages sent over the network, the plurality of data elements having the use-restricted content and being from the tabular structure of the identified source data.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The non-transitory computer readable medium of claim 16, wherein:
    - the policy template further includes a rule specifying a set of inclusion columns from the source data; and
      
      the policy is created to detect in the one or more messages information from the set of inclusion columns within one or more rows of the tabular structure.
  - 18. The non-transitory computer readable medium of claim 17, wherein:
    - the rule further specifies a minimum number of rows; and
      
      the policy is created to detect in the one or more messages data from the set of inclusion columns within at least the minimum number of rows of the tabular structure.
  - 19. The non-transitory computer readable medium of claim 16, wherein:
    - the policy template further includes a rule specifying one or more exclusion columns from the source data; and
      
      the policy is created to detect in the one or more messages information from one or more rows of the tabular structure, the detected information excluding data from the one or more exclusion columns.
  - 20. The non-transitory computer readable medium of claim 16, wherein using the policy template to create the policy comprises:
    - comparing a set of inclusion columns specified in a rule included in the policy template with columns of the tabular structure of the source data;
      
      determining that at least one column from the set is missing from the tabular structure of the source data; and
      
      removing the at least one missing column from the set specified in the rule.
  - 21. The non-transitory computer readable medium of claim 20, the method further comprising:
    - determining that a number of columns remaining in the set is less than a minimum number of inclusion columns that is specified in the rule; and
      
      performing at least one of;
      
      removing the rule from the policy;
      
      orupdating the minimum number of inclusion columns that is specified in the rule with the number of inclusion columns remaining in the set.
  - 22. The non-transitory computer readable medium of claim, 16 wherein:
    - the policy template further includes a plurality of rules specifying conditions that trigger a policy violation, one of the plurality of rules specifying at least one of an expression pattern, a keyword, an attachment type, an attachment size, sender identifying information or recipient identifying information; and
      
      the policy is created to detect at least one of the expression pattern, the keyword, the attachment type, the attachment size, the sender identifying information or the recipient identifying information in one or more messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Jones, Chris, Bothwell, Eric, Rowney, Kevin T.
Primary Examiner(s)
Zecher, Cordelia
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US13/532,660
Publication Number

US 20120266210A1
Time in Patent Office

785 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 16/334   Query execution G06F16/335 ...

G06Q 10/107   Computer-aided management o...

Y10S 707/99943   Generating database or data...

Method and apparatus for creating an information security policy based on a pre-configured template

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for creating an information security policy based on a pre-configured template

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links