Method and system for controlling context-aware cybersecurity training
Abstract
A context-aware training system senses a user action that may expose the user to a threat, such as a cybersecurity threat. The system selects a training action from a collection of available training actions and causes the training action to be delivered to the user or a group of users. The system includes an administrator interface that enables an administrator to select, customize and/or assign constraints to the training action that will be delivered to the user(s).
28 Claims

1. A cybersecurity training system, comprising:
- one or more data storage devices that store:
  - at least one cybersecurity training intervention, and
  - a training needs model;
- an electronic device comprising one or more sensors that sense data relating to behavior or activity of at least one user of the electronic device, wherein the one or more sensors comprise one or more of the following:
  - a USB device sensor configured to detect when a USB drive has been connected to the electronic device,
  - a Wi-Fi sensor configured to detect a Wi-Fi access point to which the electronic device is connected, or
  - a Wi-Fi sensor configured to detect whether the at least one user has attempted to connect the electronic device to a mock rogue Wi-Fi access point;
- an analysis host computer comprising a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors of the analysis host computer to implement a policy manager that:
  - receives the sensed data from the electronic device via a communications network;
  - analyzes the sensed data by applying the training needs model to the sensed data to determine whether the at least one user may be at risk for a threat scenario, and
  - identifies, from the at least one cybersecurity training intervention, a set of one or more policy manager-identified cybersecurity training interventions that are relevant to the threat scenario;
- a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a system administrator interface that displays the set of one or more policy manager-identified cybersecurity training interventions and receives a selection of an intervention in the set via the system administrator interface; and
- a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to generate a command to deliver the selected cybersecurity training intervention to an electronic device for presentation to the at least one user.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method of providing an administrator interface for a cybersecurity training system, comprising:
- maintaining, on one or more data storage devices, one or more training interventions and a training needs model;
- by one or more sensors of an electronic device, sensing data relating to behavior or activity of at least one user of the electronic device, wherein the one or more sensors comprise one or more of the following:
  - a USB device sensor configured to detect when a USB drive has been connected to the electronic device,
  - a Wi-Fi sensor configured to detect a Wi-Fi access point to which the electronic device is connected, or
  - a Wi-Fi sensor configured to detect whether the at least one user has attempted to connect the electronic device to a mock rogue Wi-Fi access point; and
- by a processor of an analysis host computer:
  - receiving the sensed data from the one or more sensors via a communication network,
  - applying the training needs model to the received data to determine whether the at least one user may be at risk of a threat scenario,
  - identifying one or more of the training interventions that are relevant to the threat scenario,
  - displaying, via the system administrator interface, the identified one or more training interventions,
  - receiving, via the system administrator interface, a selection of a displayed cybersecurity training intervention, and
  - generating a command to deliver the selected cybersecurity training intervention to an electronic device for output to the at least one user.

Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21

22. A method of providing an administrator interface for a cybersecurity training system, comprising:
- maintaining, on one or more data storage devices, at least one cybersecurity training intervention;
- by one or more sensors of an electronic device, receiving data relating to behavior or activity of at least one user of the electronic device, wherein the one or more sensors comprise one or more of the following:
  - a USB device sensor configured to detect when a USB drive has been connected to the electronic device,
  - a Wi-Fi sensor configured to detect a Wi-Fi access point to which the electronic device is connected, or
  - a Wi-Fi sensor configured to detect whether the at least one user has attempted to connect the electronic device to a mock rogue Wi-Fi access point; and
- by a processor of an analysis host computer; and by a processor of an analysis host computer:
  - receiving the data from the electronic device via a communication network,
  - applying a training needs model to the received data to determine whether the at least one user may be at risk for a threat scenario,
  - displaying, via a system administrator interface, a representation of a measurement of whether the at least one user may be at risk for the threat scenario,
  - identifying one or more of the cybersecurity training interventions that are relevant to the threat scenario,
  - displaying, via the system administrator interface, the identified one or more cybersecurity training interventions,
  - receiving, via the system administrator interface, a selection of one of the displayed cybersecurity training interventions,
  - receiving a customization for the selected cybersecurity training intervention, and
  - generating a command to deliver the selected cybersecurity training intervention with the customization to an electronic device for presentation to the at least one user.

Dependent claims: 23, 24

25. A cybersecurity training system, comprising:
- one or more data storage devices that store:
  - at least one training intervention, and
  - a training needs model;
- an electronic device comprising one or more sensors that sense data relating to behavior or activity of at least one user of the electronic device, wherein the one or more sensors comprise one or more of the following:
  - a USB device sensor configured to detect when a USB drive has been connected to the electronic device,
  - a Wi-Fi sensor configured to detect a Wi-Fi access point to which the electronic device is connected, or
  - a Wi-Fi sensor configured to detect whether the at least one user has attempted to connect the electronic device to a mock rogue Wi-Fi access point;
- an analysis host computer comprising one or more processors and a computer-readable memory portion holding programming instructions that, when executed, instruct the one or more processors of the analysis host computer to implement a policy manager that:
  - receives the sensed data from the electronic device via a communication network, and
  - analyzes the sensed data relating to at least one user by applying the training needs model to the sensed data to determine whether the at least one user may be at risk for a threat scenario; and
- a computer-readable memory portion holding programming instructions that, when executed, instruct one or more processors to implement a system administrator interface that is configured to perform at least one of the following actions:
  - display parameters of the training needs model and receive a customization of the training needs model via the system administrator interface, or
  - display logic of the policy manager and receive a configuration of the logic the system administrator interface;
- wherein the system is also configured to, upon completion of at least one of the actions of the system administrator interface:
  - select one or more of the training interventions that are relevant to the threat scenario, and
  - generate a command to deliver the selected training intervention to an electronic device for presentation to the at least one user.

Dependent claims: 26, 27, 28