Systems and method for identifying and mitigating information security risks

US 9,270,696 B2
Filed: 07/28/2014
Issued: 02/23/2016
Est. Priority Date: 11/16/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for identifying and mitigating information security risks, the method comprising:

assigning unique identifiers to a plurality of target e-mail addresses, wherein each e-mail address is associated with an individual user account, respectively;

delivering an e-mail message to one or more of the plurality of target e-mail addresses, wherein the e-mail message comprises a hypertext transfer protocol (HTTP) request and a unique identifier associated with a user account;

receiving, at a Phishing Metric Tool (PMT), a response including the unique identifier;

logging, by the PMT, a training requirement for the user account;

tracking, by the PMT, response metrics for the training requirement;

redirecting the HTTP request to a phishing training tool (PTT);

sending, by the PTT, a notification of a verified identity of the user account and the unique identifier to the PMT;

returning a status report for the training requirement, the status report including an indication of whether the user account has failed at least a portion of the training requirement; and

redirecting, by the PMT, the user account to undergo an additional training requirement related to the portion of the training requirement which was failed, upon receipt of the status report, when the status report indicates that the user account has failed at least the portion of the training requirement so that the user account is subjected to the additional training requirement,wherein the PMT and the PTT are respectively implemented by at least one processor of a computer processing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for Sustained Testing and Awareness Refresh against Phishing threats (STAR*Phish™) are disclosed. In an embodiment, a method assigns schemes and unique identifiers to target e-mail addresses associated with a user accounts. The method delivers e-mail messages to the targeted e-mail addresses, the e-mail messages comprising an HTTP request and a unique identifier associated with each of the user accounts. The method then receives, at a Phishing Metric Tool (PMT), a response including the unique identifier. The PMT logs training requirements for the user accounts, tracks response metrics for the training requirements, and redirects the respective HTTP requests to a phishing training tool (PTT). The PTT sends a notification of the user account identities and the unique identifiers to the PMT and returns a status for the training requirements for the user accounts. Upon completion of the training, the PMT sends completion notifications for the user accounts.

Citations

20 Claims

1. A computer-implemented method for identifying and mitigating information security risks, the method comprising:
- assigning unique identifiers to a plurality of target e-mail addresses, wherein each e-mail address is associated with an individual user account, respectively;
  
  delivering an e-mail message to one or more of the plurality of target e-mail addresses, wherein the e-mail message comprises a hypertext transfer protocol (HTTP) request and a unique identifier associated with a user account;
  
  receiving, at a Phishing Metric Tool (PMT), a response including the unique identifier;
  
  logging, by the PMT, a training requirement for the user account;
  
  tracking, by the PMT, response metrics for the training requirement;
  
  redirecting the HTTP request to a phishing training tool (PTT);
  
  sending, by the PTT, a notification of a verified identity of the user account and the unique identifier to the PMT;
  
  returning a status report for the training requirement, the status report including an indication of whether the user account has failed at least a portion of the training requirement; and
  
  redirecting, by the PMT, the user account to undergo an additional training requirement related to the portion of the training requirement which was failed, upon receipt of the status report, when the status report indicates that the user account has failed at least the portion of the training requirement so that the user account is subjected to the additional training requirement,wherein the PMT and the PTT are respectively implemented by at least one processor of a computer processing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein each target e-mail address is associated with a user account in an organization, and a training exercise is associated with the training requirement for the user account respectively associated with the target e-mail address.
  - 3. The method of claim 2, further comprising:
    - updating, by the PMT, the status of the training requirement,wherein the status is based at least in part on the tracked response metrics.
  - 4. The method of claim 3, wherein the status indicates at least one of:
    - a response to the e-mail message has not been received;
      
      the training exercise is underway;
      
      the training exercise has been completed unsuccessfully;
      
      the training exercise has been completed successfully;
      
      a certificate for a successfully completed training exercise has been generated; and
      
      a notification for a completed training exercise has been sent.
  - 5. The method of claim 4, wherein the notification is an e-mail message sent to the target e-mail address.
  - 6. The method of claim 4, further comprising:
    - sending a reminder notification to the target e-mail address in response to determining that the user account has not completed information security training within a pre-determined period of time.
  - 7. The method of claim 4, wherein the notification is an e-mail message sent to an administrator e-mail address associated with a system administrator of the organization.
  - 8. The method of claim 7, further comprising:
    - sending a reminder notification to the administrator e-mail address in response to determining that the user account has not completed information security training within a pre-determined period of time.
  - 9. The method of claim 2, further comprising:
    - receiving, at the PTT, credentials for the user account;
      
      validating, by the PTT, the credentials for the user account; and
      
      verifying a login to the user account based upon the validated credentials; and
      
      sending a start exercise message for the training exercise based upon verifying the login.

10. A non-transitory computer readable storage medium having program instructions stored thereon for identifying and mitigating information security risks, the instructions being executable by a processor of a computing device, the instructions comprising:
- instructions for receiving, at a phishing metrics tool (PMT), a phishing hypertext transfer protocol (HTTP) request;
  
  instructions for sending a redirect message from the PMT to a browser session;
  
  instructions for receiving, at a phishing training tool (PTT), a request for an application, wherein the request is based at least in part on the received phishing HTTP request;
  
  instructions for sending, from the PTT to the browser session, the requested application;
  
  instructions for sending, from the PTT, a start message for a first training requirement;
  
  instructions for sending, from the PTT, a training exercise associated with the first training requirement;
  
  instructions for returning a status report for the first training requirement, the status report including an indication of whether at least a portion of the first training requirement has been failed; and
  
  instructions for redirecting, by the PMT, the browser session to undergo an additional training requirement related to portion of the first training requirement which was failed, upon receipt of the status report, when the status report indicates that the at least the portion of the first training requirement has been failed so that a user using the browsing session is subjected to the additional training requirement.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The non-transitory computer readable storage medium of claim 10, wherein the instructions further comprise:
    - instructions for determining whether the training exercise has been completed; and
      
      instructions for generating a completion message in response to determining that the training exercise has been completed.
  - 12. The non-transitory computer readable storage medium of claim 11, wherein the instructions further comprise:
    - instructions for sending the completion message from the PTT to the PMT in response to determining that the training exercise has been completed.
  - 13. The non-transitory computer readable storage medium of claim 10, wherein the training exercise is an ADOBE™
    - Flex application.
  - 14. The non-transitory computer readable storage medium of claim 10, wherein the training exercise is an ADOBE™
    - Flash application.
  - 15. The non-transitory computer readable storage medium of claim 10, wherein the training exercise is an HTML5 application.

16. A system capable of identifying and mitigating information security risks, the system comprising:
- a phishing metric tool (PMT) configured to;
  
  receive a phishing hypertext transfer protocol (HTTP) request from a browser session; and
  
  send a redirect message to the browser session, the redirect message redirecting the browser session to a phishing training tool (PTT);
  
  an e-mail server configured to;
  
  send an e-mail message to a target user account, wherein the e-mail message is based on the phishing HTTP request, and wherein the e-mail message includes a unique identifier; and
  
  receive a response from the target user account, wherein the response includes the unique identifier;
  
  wherein the PTT is configured to;
  
  receive an application request based on the response;
  
  send the requested application to the browser session;
  
  send a start message for a training requirement for the target user account;
  
  send a training exercise associated with the training requirement;
  
  send a notification to the PMT of an identity of the target user account and the unique identifier; and
  
  update a status of the training exercise, the status of the training exercise including an indication of whether the user account has failed at least a portion of the training requirement,wherein the PMT is configured to redirect the user account to undergo an additional training requirement related to portion of the training requirement which was failed, upon receipt of the status, when the status indicates that the user account has failed at least the portion of the training requirement so that the user account is subjected to the additional training requirement, andwherein the PMT and the PTT are respectively implemented by at least one processor of a computer processing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the PTT is in a trusted domain associated with an organization and wherein the target user account is associated with the organization.
  - 18. The system of claim 17, wherein the PMT is in an untrusted domain external to the organization comprising at least one web server and one or more distributed phishing agents.
  - 19. The system of claim 16, wherein the PMT is further configured to send a reminder notification in response to determining that the training exercise has not been completed within a designated time period.
  - 20. The system of claim 16, wherein the PTT is further configured to send a completion notification in response to determining that the training exercise has been completed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BOOZ Allen Hamilton Holding Corporation
Original Assignee
BOOZ Allen Hamilton Holding Corporation
Inventors
Fritzson, Art, Bezrukov, Semion, Palka, Sean
Primary Examiner(s)
KIM, TAE K

Application Number

US14/444,673
Publication Number

US 20140337995A1
Time in Patent Office

575 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/107   Computer-aided management o...

H04L 51/046   Interoperability with other...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/14   for detecting or protecting...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

H04L 63/1491   using deception as counterm...

Systems and method for identifying and mitigating information security risks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and method for identifying and mitigating information security risks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links