Dynamic incident response
Abstract
Methods, systems, computer-readable media, and apparatuses for providing dynamic incident response using advanced analytics are presented. In some embodiments, a computing device may determine that an incident has occurred. The computing device then may load a predefined response template that includes parameters for responding to the incident. Subsequently, the computing device may utilize a big data platform to identify one or more potential responders for the incident based on the predefined response template. In some additional embodiments, the computing device also may contact the identified potential responders and subsequently monitor communications by the identified potential responders that are responsive to the contact. The computing device may also update historical interaction data based on the monitoring, and this historical interaction data may be used to subsequently determine the likelihood that at least one potential responder will respond to a future incident.
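The flow described in the abstract, as an added Python sketch that is not taken from the patent: a template selects available responders with the required access, monitored replies update the interaction history, and a likelihood value is derived from that history. The class and field names, the sample data, and the Laplace-smoothed response-rate estimator are all assumptions; the page does not state how the likelihood is calculated.

```python
from dataclasses import dataclass

@dataclass
class Responder:
    name: str
    access: set            # physical/logical/hybrid access entries (constructed)
    available: bool
    contacted: int = 0     # historical interaction data: contacts sent
    responded: int = 0     # historical interaction data: contacts answered

    def likelihood(self) -> float:
        # Assumed estimator: Laplace-smoothed response rate, so a responder
        # with no history scores 0.5 rather than 0 or 1.
        return (self.responded + 1) / (self.contacted + 2)

@dataclass
class ResponseTemplate:
    incident_type: str     # "physical" or "cyber"
    required_access: set   # access a responder must already hold
    team_size: int         # how many responders to contact

def identify(template, platform):
    """Pick available responders holding the required access, most likely first."""
    eligible = [r for r in platform
                if r.available and template.required_access <= r.access]
    eligible.sort(key=lambda r: r.likelihood(), reverse=True)
    return eligible[:template.team_size]

def record_contact(contacted, replies):
    """Update historical interaction data from the monitored replies."""
    for r in contacted:
        r.contacted += 1
        if r.name in replies:
            r.responded += 1

def run_incident(template, platform, replies):
    """Identify, contact, and update history; returns the names contacted."""
    chosen = identify(template, platform)
    record_contact(chosen, replies)
    return [r.name for r in chosen]

# Constructed sample data, not from the patent.
PLATFORM = [
    Responder("alice", {"badge:dc1", "ssh:prod"}, True, contacted=8, responded=7),
    Responder("bob", {"ssh:prod"}, True, contacted=8, responded=2),
    Responder("carol", {"ssh:prod"}, False, contacted=5, responded=5),
    Responder("dave", {"badge:dc1"}, True),
]
TEMPLATE = ResponseTemplate("cyber", {"ssh:prod"}, team_size=2)
```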
20 Claims
1. A computing device, comprising:
- at least one processor; and
- memory storing computer readable instructions that, when executed by the at least one processor, cause the computing device to:
  - determine that a security incident has occurred, the security incident being a physical security incident or a cyber security incident;
  - load a predefined response template, the predefined response template comprising a plurality of parameters for responding to the security incident;
  - utilize a data platform to identify one or more potential responders for the security incident based on the predefined response template, wherein the data platform maintains physical access information, logical access information, hybrid access information, and availability information for an organization, and wherein the one or more potential responders are associated with the organization;
  - contact the one or more potential responders for the security incident identified based on the predefined response template;
  - monitor communications by the one or more potential responders for the security incident identified based on the predefined response template, the monitored communications being responsive to the contact;
  - update historical interaction data maintained by the data platform, based on the monitored communications by the one or more potential responders for the security incident identified based on the predefined response template; and
  - calculate, based on the historical interaction data maintained by the data platform, a response likelihood value for at least one potential responder of the one or more potential responders for the security incident identified based on the predefined response template, the response likelihood value for the at least one potential responder being indicative of a likelihood that the at least one potential responder will respond to a future security incident.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method, comprising:
- determining, by a computing device, that a security incident has occurred, the security incident being a physical security incident or a cyber security incident;
- loading, by the computing device, a predefined response template, the predefined response template comprising a plurality of parameters for responding to the security incident;
- utilizing, by the computing device, a data platform to identify one or more potential responders for the security incident based on the predefined response template, wherein the data platform maintains physical access information, logical access information, hybrid access information, and availability information for an organization, and wherein the one or more potential responders are associated with the organization;
- contacting, by the computing device, the one or more potential responders for the security incident identified based on the predefined response template;
- monitoring, by the computing device, communications by the one or more potential responders for the security incident identified based on the predefined response template, the monitored communications being responsive to the contacting;
- updating, by the computing device, historical interaction data maintained by the data platform, based on the monitored communications by the one or more potential responders for the security incident identified based on the predefined response template; and
- calculating, by the computing device, based on the historical interaction data maintained by the data platform, a response likelihood value for at least one potential responder of the one or more potential responders for the security incident identified based on the predefined response template, the response likelihood value for the at least one potential responder being indicative of a likelihood that the at least one potential responder will respond to a future security incident.

Dependent claims: 12, 13, 14, 15, 16, 17, 18
19. At least one non-transitory computer readable medium having instructions stored thereon that, when executed, cause at least one processor to:
- determine that a security incident has occurred, the security incident being a physical security incident or a cyber security incident;
- load a predefined response template, the predefined response template comprising a plurality of parameters for responding to the security incident;
- utilize a data platform to identify one or more potential responders for the security incident based on the predefined response template, wherein the data platform maintains physical access information, logical access information, hybrid access information, and availability information for an organization, and wherein the one or more potential responders are associated with the organization;
- contact the one or more potential responders for the security incident identified based on the predefined response template;
- monitor communications by the one or more potential responders for the security incident identified based on the predefined response template, the monitored communications being responsive to the contact;
- update historical interaction data maintained by the data platform, based on the monitored communications by the one or more potential responders for the security incident identified based on the predefined response template; and
- calculate, based on the historical interaction data maintained by the data platform, a response likelihood value for at least one potential responder of the one or more potential responders for the security incident identified based on the predefined response template, the response likelihood value for the at least one potential responder being indicative of a likelihood that the at least one potential responder will respond to a future security incident.

Dependent claims: 20
Specification