Security management system

US 9,754,117 B2
Filed: 02/23/2015
Issued: 09/05/2017
Est. Priority Date: 02/24/2014
Status: Active Grant

First Claim

Patent Images

1. A system for providing a tailored security management framework for a business entity based on the business entity'"'"'s operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the business entity, the system comprising:

a network-based computing system configured to communicate and exchange data with one or more network access computing devices via a communications network, the network-based computing system comprises;

a first memory for receiving and storing a first set of data associated with the business entity, the first set of data comprises information related to at least one of the business entity'"'"'s operations, the business entity'"'"'s infrastructure, the business entity'"'"'s procedures and policies, and one or more users authorized to have access to the system and exchange data associated with the business entity;

a second memory for receiving and storing a second set of data associated with an industry to which the business entity is related, the second set of data comprises industry-specific rules, regulations, and known security threats;

a processor that correlates the first and second sets of data with one another and generates a plurality of security schemes for use in the security management framework to assess and address potential security threats, wherein the correlation of the first and second sets of data comprises factoring the first and second sets of data in accordance with at least the formula;

∫

_bⁱprog=(prog_comp)×

RG_ap×

RA wherein a domain of a security program (prog) is defined on an interval of the industry (i), the business entity (b) belonging to the specific business entity composition (comp), including a program components relationship group (RG) driven by applicability (a), priority (p), and risk assessment (RA); and

an interface for receiving a request for access to data associated with the business entity;

wherein the processor compares request data with the plurality of security schemes and identifies a corresponding security scheme based on the comparison, the processor outputs informational data associated with the identified security scheme to a user associated with the one or more network access computing devices, the informational data comprises protocols or recommendations to facilitate actions to be taken by the user to address the received request for access to the business entity data, wherein the actions to be taken by the user, as facilitated by the protocols or recommendations, are in accordance with the business entity'"'"'s security procedures and policies and industry-specific rules and regulations associated with the business entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a system for providing an automated security management framework for an enterprise based on the enterprise'"'"'s operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the enterprise. The system is configured to generate recommendations or instructions based on correlation of enterprise'"'"'s operations, infrastructure, and user-based processes with industry-specific rules and regulations. The recommendations or instructions are then provided to a user associated with the enterprise so as to facilitate actions to be taken to address a potential security threat.

38 Citations

View as Search Results

26 Claims

1. A system for providing a tailored security management framework for a business entity based on the business entity'"'"'s operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the business entity, the system comprising:
- a network-based computing system configured to communicate and exchange data with one or more network access computing devices via a communications network, the network-based computing system comprises;
  
  a first memory for receiving and storing a first set of data associated with the business entity, the first set of data comprises information related to at least one of the business entity'"'"'s operations, the business entity'"'"'s infrastructure, the business entity'"'"'s procedures and policies, and one or more users authorized to have access to the system and exchange data associated with the business entity;
  
  a second memory for receiving and storing a second set of data associated with an industry to which the business entity is related, the second set of data comprises industry-specific rules, regulations, and known security threats;
  
  a processor that correlates the first and second sets of data with one another and generates a plurality of security schemes for use in the security management framework to assess and address potential security threats, wherein the correlation of the first and second sets of data comprises factoring the first and second sets of data in accordance with at least the formula;
  
  ∫
  
  _bⁱprog=(prog_comp)×
  
  RG_ap×
  
  RA wherein a domain of a security program (prog) is defined on an interval of the industry (i), the business entity (b) belonging to the specific business entity composition (comp), including a program components relationship group (RG) driven by applicability (a), priority (p), and risk assessment (RA); and
  
  an interface for receiving a request for access to data associated with the business entity;
  
  wherein the processor compares request data with the plurality of security schemes and identifies a corresponding security scheme based on the comparison, the processor outputs informational data associated with the identified security scheme to a user associated with the one or more network access computing devices, the informational data comprises protocols or recommendations to facilitate actions to be taken by the user to address the received request for access to the business entity data, wherein the actions to be taken by the user, as facilitated by the protocols or recommendations, are in accordance with the business entity'"'"'s security procedures and policies and industry-specific rules and regulations associated with the business entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the first set of data is selected from the group consisting of:
    - human resources, policies and procedures, physical infrastructure, virtual infrastructure, operating agreements, operational logs, risk factors, risk indicators, one or more users or parties associated with the business entity and corresponding level of security clearance with respect to business entity data, and a combination thereof.
  - 3. The system of claim 1, wherein the second set of data is selected from the group consisting of:
    - regulatory requirements, industry rules, industry threats, and a combination thereof.
  - 4. The system of claim 1, wherein the request data is selected from the group consisting of:
    - identity of a user or party requesting access, characteristics of a user or party requesting access, type of access requested, identity and characteristics of business entity data requested to be accessed, and a combination thereof.
  - 5. The system of claim 4, wherein the characteristics of the user or party requesting access is selected from the group consisting of:
    - user or party credentials, user or party role with respect to the business entity, user or party assignment to one of an internal trusted group and an external trusted group, and a combination thereof.
  - 6. The system of claim 1, wherein the informational data associated with the identified security scheme is selected from the group consisting of:
    - level of threat associated with the request, identity of a user or party requesting access, assigned role and level of clearance of a user or party requesting access with respect to the business entity, sensitivity of business entity data requested to be accessed, protocol for addressing the requested access, actions required in order to fulfill request, and a combination thereof.
  - 7. The system of claim 1, wherein the processor is further configured to set priority and baseline values for each of the plurality of security schemes based on the factoring step.
  - 8. The system of claim 1, wherein the processor is configured to continually monitor for input data from one or more users via the interface and update generated security schemes by correlating the input data with the first and second sets of data.
  - 9. The system of claim 1, wherein the network-based computing system comprises a server configured to manage business entity data and provide access to the business entity data to a user associated with the one or more devices over the network via a wired transmission or a wireless transmission protocol selected from the group consisting of:
    - Bluetooth communication, infrared communication, near field communication (NFC), radio-frequency identification (RFID) communication, cellular network communication, and a combination thereof.
  - 10. The system of claim 1, wherein the one or more network access computing devices are selected from the group consisting of:
    - a personal computer (PC), a desktop computer, a notebook computer, a tablet computer, a mobile computing device, a smartphone, a cellular telephone, a messaging device, a work station, a network appliance, a web appliance, a distributed computing system, a multiprocessor system, a processor-based system, a consumer electronic device, and a combination thereof.

11. A computer-implemented method for providing a tailored security management framework for a business entity based on the business entity'"'"'s operations, infrastructure, and user-based processes, as well as industry-specific rules and regulations associated with the business entity, comprising executing on a processor the steps of:
- storing a first set of data associated with the business entity in a first memory location, the first set of data comprises information related to at least one of the business entity'"'"'s operations, the business entity'"'"'s infrastructure, the business entity'"'"'s procedures and policies, and one or more users authorized to have access to data associated with the business entity;
  
  storing a second set of data associated with an industry to which the business entity is related, the second set of data comprises industry-specific rules, regulations, and known security threats;
  
  correlating, with a processor, the first and second sets of data with one another and generating, with the processor, a plurality of security schemes based on the correlation, the plurality of security schemes for use in the security management framework to assess and address potential security threats, wherein the correlation of the first and second sets of data comprises factoring the first and second sets of data in accordance with at least the formula;
  
  ∫
  
  _bⁱprog=(prog_comp)×
  
  RG_ap×
  
  RA wherein a domain of a security program (prog) is defined on an interval of the industry (i), the business entity (b) belonging to the specific business entity composition (comp), including a program components relationship group (RG) driven by applicability (a), priority (p), and risk assessment (RA);
  
  receiving, via an interface, a request for access to data associated with the business entity;
  
  comparing, with the processor, request data with the plurality of security schemes to identify a corresponding security scheme; and
  
  outputting, via a communications network, informational data associated with the identified security scheme to a user associated with one or more network access computing devices, the informational data comprises protocols or recommendations to facilitate actions to be taken by the user to address the received request for access to the business entity data,wherein the actions to be taken by the user, as facilitated by the protocols or recommendations, are in accordance with the business entity'"'"'s security procedures and policies and industry-specific rules and regulations associated with the business entity.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein the first set of data is selected from the group consisting of:
    - human resources, policies and procedures, physical infrastructure, virtual infrastructure, operating agreements, operational logs, risk factors, risk indicators, one or more users or parties associated with the business entity and corresponding level of security clearance with respect to business entity data, and a combination thereof.
  - 13. The method of claim 11, wherein the second set of data is selected from the group consisting of:
    - regulatory requirements, industry rules, industry threats, and a combination thereof.
  - 14. The method of claim 11, wherein the request data is selected from the group consisting of:
    - identity of a user or party requesting access, characteristics of a user or party requesting access, type of access requested, identity and characteristics of business entity data requested to be accessed, and a combination thereof.
  - 15. The method of claim 14, wherein the characteristics of the user or party requesting access is selected from the group consisting of:
    - user or party credentials, user or party role with respect to the business entity, user or party assignment to one of an internal trusted group and an external trusted group, and a combination thereof.
  - 16. The method of claim 11, wherein the informational data associated with the identified security scheme is selected from the group consisting of:
    - level of threat associated with the request, identity of a user or party requesting access, assigned role and level of clearance of a user or party requesting access with respect to the business entity, sensitivity of business entity data requested to be accessed, protocol for addressing the requested access, actions required in order to fulfill request, and a combination thereof.
  - 17. The method of claim 11, wherein correlating the first and second sets of data with one another to generate a plurality of security schemes further comprises setting, with the processor, priority and baseline values for each of the plurality of security schemes based on the factoring step.
  - 18. The method of claim 11, further comprising monitoring, with the processor, communications via the interface and detecting input data from one or more users and automatically updating, with the processor, security schemes based on correlation of the input data with the first and second sets of data.

19. A non-transitory computer-readable medium for providing a tailored security management framework for a business entity, comprising instructions stored thereon, that when executed on a processor, perform the steps of:
- storing a first set of data associated with the business entity in a first memory location, the first set of data comprises information related to at least one of the business entity'"'"'s operations, the business entity'"'"'s infrastructure, the business entity'"'"'s procedures and policies, and one or more users authorized to have access to data associated with the business entity;
  
  storing a second set of data associated with an industry to which the business entity is related, the second set of data comprises industry-specific rules, regulations, and known security threats;
  
  correlating the first and second sets of data with one another and generating, with the processor, a plurality of security schemes based on the correlation, the plurality of security schemes for use in the security management framework to assess and address potential security threats, wherein the correlation of the first and second sets of data comprises factoring the first and second sets of data in accordance with at least the formula;
  
  ∫
  
  _bⁱprog=(prog_comp)×
  
  RG_ap×
  
  RA wherein a domain of a security program (prog) is defined on an interval of the industry (i), the business entity (b) to the specific business entity composition (comp), including a program components relationship group (RG) driven by applicability (a), priority (p), and risk assessment (RA);
  
  receiving a request for access to data associated with the business entity;
  
  comparing request data with the plurality of security schemes to identify a corresponding security scheme; and
  
  outputting informational data associated with the identified security scheme to a user associated with one or more network access computing devices, the informational data comprises protocols or recommendations to facilitate actions to be taken by the user to address the received request for access to the business entity data,wherein the actions to be taken by the user, as facilitated by the protocols or recommendations, are in accordance with the business entity'"'"'s security procedures and policies and industry-specific rules and regulations associated with the business entity.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the first set of data is selected from the group consisting of:
    - human resources, policies and procedures, physical infrastructure, virtual infrastructure, operating agreements, operational logs, risk factors, risk indicators, one or more users or parties associated with the business entity and corresponding level of security clearance with respect to business entity data, and a combination thereof.
  - 21. The non-transitory computer-readable medium of claim 19, wherein the second set of data is selected from the group consisting of:
    - regulatory requirements, industry rules, industry threats, and a combination thereof.
  - 22. The non-transitory computer-readable medium of claim 19, wherein the request data is selected from the group consisting of:
    - identity of a user or party requesting access, characteristics of a user or party requesting access, type of access requested, identity and characteristics of business entity data requested to be accessed, and a combination thereof.
  - 23. The non-transitory computer-readable medium of claim 22, wherein the characteristics of the user or party requesting access is selected from the group consisting of:
    - user or party credentials, user or party role with respect to the business entity, user or party assignment to one of an internal trusted group and an external trusted group, and a combination thereof.
  - 24. The non-transitory computer-readable medium of claim 19, wherein the informational data associated with the identified security scheme is selected from the group consisting of:
    - level of threat associated with the request, identity of a user or party requesting access, assigned role and level of clearance of a user or party requesting access with respect to the business entity, sensitivity of business entity data requested to be accessed, protocol for addressing the requested access, actions required in order to fulfill request, and a combination thereof.
  - 25. The non-transitory computer-readable medium of claim 19, wherein correlating the first and second sets of data with one another to generate a plurality of security schemes further comprises setting priority and baseline values for each of the plurality of security schemes based on the factoring step.
  - 26. The non-transitory computer-readable medium of claim 19, further comprising monitoring communications and detecting input data from one or more users and automatically updating security schemes based on correlation of the input data with the first and second sets of data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Northcross Group
Original Assignee
Northcross Group
Inventors
Bender, Christopher J., Wininger, David S.
Primary Examiner(s)
Chiang, Jason C

Application Number

US14/628,712
Publication Number

US 20150242619A1
Time in Patent Office

925 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06F 2221/034   Test or assess a computer o...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

Security management system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Security management system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links