Controlling and managing identity access risk

US 9,830,568 B2
Filed: 10/24/2014
Issued: 11/28/2017
Est. Priority Date: 08/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method of controlling identity and access management risk in an information technology (IT) environment, comprising:

generating, by at least one computing device, a maturity model that maps a plurality of access management controls to a plurality of IT resources associated with the IT environment;

determining, by the at least one computing device, for each IT resource of the plurality of IT resources, a plurality of access management maturity scores, each access management maturity score of the plurality of access management scores corresponding to an access management control of the plurality of access management controls that are associated with the corresponding IT resource;

determining, by the at least one computing device, an aggregate maturity score for the IT environment based on the plurality of access management maturity scores for the plurality of IT resources; and

providing, by the at least one computing device, the maturity model and the aggregate maturity score for the IT environment to at least one governance system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for controlling and managing identity and access management risks are presented. A computing device may generate a maturity model that maps a plurality of access management controls to a plurality of information technology (IT) resources associated with an IT environment. Subsequently, the computing device may determine, for each IT resource of the plurality of IT resources, a plurality of access management maturity scores. Each access management maturity score of the plurality of access management scores may correspond to an access management control of the plurality of access management controls that are associated with the corresponding IT resource. The computing device then may determine an aggregate maturity score for the IT environment based on the plurality of access management maturity scores for the plurality of IT resources. Thereafter, the computing device may provide the maturity model and the aggregate maturity score to at least one governance system.

64 Citations

View as Search Results

20 Claims

1. A method of controlling identity and access management risk in an information technology (IT) environment, comprising:
- generating, by at least one computing device, a maturity model that maps a plurality of access management controls to a plurality of IT resources associated with the IT environment;
  
  determining, by the at least one computing device, for each IT resource of the plurality of IT resources, a plurality of access management maturity scores, each access management maturity score of the plurality of access management scores corresponding to an access management control of the plurality of access management controls that are associated with the corresponding IT resource;
  
  determining, by the at least one computing device, an aggregate maturity score for the IT environment based on the plurality of access management maturity scores for the plurality of IT resources; and
  
  providing, by the at least one computing device, the maturity model and the aggregate maturity score for the IT environment to at least one governance system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1,wherein determining the plurality of access management maturity scores for each IT resource of the plurality of IT resources includes receiving a plurality of indicator values,wherein each indicator value of the plurality of indicator values is associated with a category of a plurality of categories, andwherein each category of the plurality of categories is associated with a process map area of a plurality of process map areas.
  - 3. The method of claim 1, further comprising:
    - generating, by the at least one computing device, for each IT resource of the plurality of IT resources, a plurality of access management maturity score targets, each access management maturity score target of the plurality of access management maturity score targets being generated for a particular access management control of the plurality of access management controls that are associated with the corresponding IT resource.
  - 4. The method of claim 3, further comprising:
    - generating, by the at least one computing device, an aggregate maturity score target for the IT environment based on the plurality of access management maturity score targets for the plurality of IT resources.
  - 5. The method of claim 4, further comprising:
    - generating, by the at least one computing device, a maturity roadmap based on the aggregate maturity score target for the IT environment.
  - 6. The method of claim 4, wherein the at least one governance system is configured to:
    - receive, from the at least one computing device, the maturity model and the aggregate maturity score for the IT environment;
      
      receive, from the at least one computing device, the plurality of access management maturity score targets for the plurality of IT resources;
      
      receive, from the at least one computing device, the aggregate maturity score target for the IT environment;
      
      identify one or more IT resources of the plurality of IT resources to which one or more automated access management controls are applicable;
      
      select at least one automated access management control of the one or more automated access management controls to be applied to the one or more identified IT resources, based on the maturity model, the aggregate maturity score for the IT environment, the plurality of access management maturity score targets for the plurality of IT resources, and the aggregate maturity score target for the IT environment; and
      
      apply the at least one selected automated access management control of the one or more automated access management controls to the one or more identified IT resources.
  - 7. The method of claim 1, further comprising:
    - periodically reevaluating, for each IT resource of the plurality of IT resources, the plurality of access management maturity scores to determine an updated aggregate maturity score for the IT environment.
  - 8. The method of claim 1,wherein the plurality of access management controls include a provision control, a de-provision control, an authentication control, an authorization control, and an access review control, andwherein the plurality of IT resources associated with the IT environment include at least one application resource, at least one database resource, at least one platform resource, at least one network infrastructure resource, at least one collaboration site resource, and at least one third-party hosting resource.
  - 9. The method of claim 2, wherein the plurality of process map areas include a governance area, a build-and-develop area, a tools area, an operations area, and a reporting-and-monitoring area.
  - 10. The method of claim 9, wherein the governance area is associated with a first subset of the plurality of categories, the first subset of the plurality of categories including a management category, a standards category, a control-owner category, a quality-assurance-and-quality-control category, a stakeholders category, an organization category, and a risk-portfolio category.
  - 11. The method of claim 9, wherein the build-and-develop area is associated with a second subset of the plurality of categories, the second subset of the plurality of categories including an architecture category and a development category.
  - 12. The method of claim 9, wherein the tools area is associated with a third subset of the plurality of categories, the third subset of the plurality of categories including a solutions category and a training category.
  - 13. The method of claim 9, wherein the operations area is associated with a fourth subset of the plurality of categories, the fourth subset of the plurality of categories including a process category, a reconciliation category, and an enforcement category.
  - 14. The method of claim 9, wherein the reporting-and-monitoring area is associated with a fifth subset of the plurality of categories, the fifth subset of the plurality of categories including a dashboards category, a metrics category, and a report category.
  - 15. The method of claim 2, wherein each indicator value of the plurality of indicator values is selected from a group of possible indicator values including a performed-ad-hoc value, a managed value, an established value, a predictable-measurable value, and an optimized value.
  - 16. The method of claim 1, wherein the at least one governance system is configured to identify one or more immature areas in the IT environment for investment based on the maturity model.
  - 17. The method of claim 16, wherein the at least one governance system is configured to determine, for at least one specific IT resource of the plurality of IT resources, at least one specific access management control of the plurality of access management controls for investment.
  - 18. The method of claim 17, wherein the at least one governance system is configured to generate one or more key deliverables for the at least one specific access management control.

19. A system for controlling identity and access management risk in an information technology (IT) environment, comprisingat least one processor;
- andmemory storing computer-readable instructions that, when executed by the at least one processor, cause the system to;
  
  generate a maturity model that maps a plurality of access management controls to a plurality of IT resources associated with the IT environment;
  
  determine, for each IT resource of the plurality of IT resources, a plurality of access management maturity scores, each access management maturity score of the plurality of access management scores corresponding to an access management control of the plurality of access management controls that are associated with the corresponding IT resource;
  
  determine an aggregate maturity score for the IT environment based on the plurality of access management maturity scores for the plurality of IT resources; and
  
  provide the maturity model and the aggregate maturity score for the IT environment to at least one governance system.

20. One or more non-transitory computer-readable media storing instructions that, when executed by at least one computing device, cause the at least one computing device to:
- generate a maturity model that maps a plurality of access management controls to a plurality of IT resources associated with the IT environment;
  
  determine, for each IT resource of the plurality of IT resources, a plurality of access management maturity scores, each access management maturity score of the plurality of access management scores corresponding to an access management control of the plurality of access management controls that are associated with the corresponding IT resource;
  
  determine an aggregate maturity score for the IT environment based on the plurality of access management maturity scores for the plurality of IT resources; and
  
  provide the maturity model and the aggregate maturity score for the IT environment to at least one governance system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Johnson, Dwayne Robert
Primary Examiner(s)
Revak, Christopher

Application Number

US14/522,804
Publication Number

US 20160048782A1
Time in Patent Office

1,131 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 10/0635 Risk analysis of enterprise...

H04L 63/20 for managing network securi...

Controlling and managing identity access risk

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling and managing identity access risk

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links