Method and apparatus for data security analysis of data flows
Abstract
A method and apparatus useful for data risk monitoring and management includes configuration and analysis of data flows to identify and assess risk and compliance with various regulatory standards and business practices. The evaluation of monitored data flows is then further used to identify potential security risks based on deviation from expected flows or compliant handling methods.
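The sketch below is an added example, not code from the patent: it shows one way to flag a deviation of an observed flow from the expected sequence of processing nodes and transport methods that claim 1 describes. The classification levels, node names, transport values and the use of `difflib` for sequence alignment are all assumptions made for illustration.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher

@dataclass(frozen=True)
class FlowStep:
    node: str       # processing node handling the data element
    transport: str  # method of transport for this flow step

# Constructed policies (assumption): classification level -> expected flow steps.
POLICIES = {
    "confidential": [FlowStep("web-frontend", "tls"),
                     FlowStep("tokenizer", "tls"),
                     FlowStep("billing-db", "tls")],
    "public": [FlowStep("web-frontend", "http"), FlowStep("cache", "http")],
}

def find_deviations(classification, observed):
    """Align the observed node sequence with the expected one; list deviations."""
    expected = POLICIES[classification]
    exp_nodes = [s.node for s in expected]
    obs_nodes = [s.node for s in observed]
    issues = []
    matcher = SequenceMatcher(a=exp_nodes, b=obs_nodes, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            # Same node in the same order: still check the transport method.
            for exp, obs in zip(expected[i1:i2], observed[j1:j2]):
                if exp.transport != obs.transport:
                    issues.append(("wrong_transport", obs.node, obs.transport))
        else:
            # 'delete', 'insert' or 'replace': nodes skipped and/or added.
            issues += [("skipped_node", n, None) for n in exp_nodes[i1:i2]]
            issues += [("unexpected_node", n, None) for n in obs_nodes[j1:j2]]
    return issues

# Constructed observations for one "confidential" data element.
EXTRA_HOP = [FlowStep("web-frontend", "tls"), FlowStep("tokenizer", "tls"),
             FlowStep("export-job", "tls"), FlowStep("billing-db", "tls")]
BYPASS = [FlowStep("web-frontend", "tls"), FlowStep("billing-db", "http")]

if __name__ == "__main__":
    for name, flow in (("extra hop", EXTRA_HOP), ("bypass", BYPASS)):
        print(name, find_deviations("confidential", flow))
```

Aligning the sequences rather than comparing them position by position keeps one inserted or skipped node from marking every later step as a deviation.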
22 Claims
1. A method comprising:
assigning a policy to a data element, wherein the data element is part of a data flow having one or more flow steps reflecting usage of the data element, wherein each flow step specifies method of transport of the data element as part of the policy, the policy being associated with a classification level for the data element;
determining a data flow configuration according to the classification level involving how the data element is processed by a plurality of processing nodes;
determining, based on the data flow configuration, an expected sequence of the processing nodes that will interact with the data element;
monitoring the data element and the data flow to determine an observed sequence; and
identifying a potential security issue when there is a deviation of the observed sequence from the expected sequence.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. An apparatus comprising:
at least one processor; and
at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,
assign a policy to a data element, wherein the data element is part of a data flow having one or more flow steps reflecting usage of the data element, wherein each flow step specifies method of transport of the data element as part of the policy, the policy being associated with a classification level for the data element;
determine a data flow configuration according to the classification level involving how the data element is processed by a plurality of processing nodes;
determine, based on the data flow configuration, an expected sequence of the processing nodes that will interact with the data element;
monitor the data element and the data flow to determine an observed sequence; and
identify a potential security issue when there is a deviation of the observed sequence from the expected sequence.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
Specification