Network policy management and effectiveness system

US 8,756,653 B2
Filed: 02/19/2013
Issued: 06/17/2014
Est. Priority Date: 06/25/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method for creating a network policy in a computer network, the method comprising:

receiving user input from a first participant, the user input selecting one of a plurality of available screen personalities;

presenting the first participant with a particular policy recommendation session configured to accommodate a plurality of participants and to represent each of the plurality of participants using a screen personality, wherein the first participant'"'"'s screen personality corresponds to the available screen personality selected by the input from the first participant;

selecting, using a hardware processor, a suggested policy;

presenting, using the hardware processor, the suggested policy to the plurality of participants;

obtaining, from one or more of the plurality of participants, network policy recommendations regarding the suggested policy; and

generating the network policy based on the obtained network policy recommendations.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The Present Invention discloses a method and apparatus for maintaining policy compliance on a computer network. A system in accordance with the principles of the Present Invention performs the steps of electronically monitoring network user compliance with a network security policy stored in a database, electronically evaluating network security policy compliance based on network user compliance and electronically undertaking a network policy compliance action in response to network security policy non-compliance. The network policy compliance actions may include automatically implementing a different network security policy selected from network security policies stored in the database, generating policy effectiveness reports and providing a retraining module to network users.

48 Citations

View as Search Results

20 Claims

1. A method for creating a network policy in a computer network, the method comprising:
- receiving user input from a first participant, the user input selecting one of a plurality of available screen personalities;
  
  presenting the first participant with a particular policy recommendation session configured to accommodate a plurality of participants and to represent each of the plurality of participants using a screen personality, wherein the first participant'"'"'s screen personality corresponds to the available screen personality selected by the input from the first participant;
  
  selecting, using a hardware processor, a suggested policy;
  
  presenting, using the hardware processor, the suggested policy to the plurality of participants;
  
  obtaining, from one or more of the plurality of participants, network policy recommendations regarding the suggested policy; and
  
  generating the network policy based on the obtained network policy recommendations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - evaluating the network policy by;
      
      generating a network policy compliance value based on monitoring network user compliance for a plurality of network users; and
      
      comparing the compliance value to a target compliance value, wherein the target compliance value defines a baseline for network policy compliance.
  - 3. The method of claim 1, wherein the recommendations comprise modified network policies, the method further comprising:
    - providing at least one modified network policy to the participants; and
      
      receiving a group-modified policy from the network users.
  - 4. The method of claim 1, wherein the network policy comprises:
    - a network hardware policy;
      
      an email policy;
      
      an internet policy;
      
      a software license policy;
      
      a document management system policy;
      
      ora network security enforcement policy.
  - 5. The method of claim 1 further comprising modifying the generated network policy based on a network user compliance report.
  - 6. The method of claim 1 further comprising providing a means for updating the generated network policy.
  - 7. The method of claim 6 wherein the means for updating comprise:
    - periodically reviewing a set of parameters of the network policy;
      
      determining the viability of each of the parameters of the set of parameters of the network policy; and
      
      adjusting one or more of the parameters of the set of parameters of the network policy based on the determination of viability.
  - 8. The method of claim 1 further comprising:
    - generating one or more additional network policies;
      
      for each of the network policy and the additional network policies, calculating a compliance value indicating network user compliance by a group of users;
      
      automatically analyzing the compliance values to identify an insufficient network policy based on network user compliance with the insufficient network policy; and
      
      automatically substituting a different network policy in place of the insufficient network policy.
  - 9. The method of claim 1 wherein the network policy comprises an associated security level identifying the relative restrictiveness of the associated network policy.

10. A computer-readable memory device storing instructions that, when executed by a computing device, cause the computing device to perform operations for interactively generating a network policy, the operations comprising:
- providing a suggested network policy to a plurality of network users;
  
  receiving one or more modified first network policies from at least one of the network users;
  
  providing at least one of the modified first network policies to the network users;
  
  receiving a group of modified second network policies from the network users; and
  
  generating the final network policy based on the modified second network policies from the network users.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer-readable memory device of claim 10, further comprising:
    - evaluating the final network policy by;
      
      generating a network policy compliance value based on monitoring network user compliance for a second plurality of network users; and
      
      comparing the compliance value to a target compliance value, wherein the target compliance value defines a baseline for network policy compliance.
  - 12. The computer-readable memory device of claim 10 further comprising modifying the generated final network policy based on a network user compliance report.
  - 13. The computer-readable memory device of claim 10 further comprising:
    - generating one or more additional network policies;
      
      for each of the final network policy and the additional network policies, calculating a compliance value indicating network user compliance by a group of users;
      
      automatically analyzing the compliance values to identify an insufficient network policy based on network user compliance with the insufficient network policy; and
      
      automatically substituting a different network policy in place of the insufficient network policy.
  - 14. The computer-readable memory device of claim 10 wherein the final network policy comprises an associated security level identifying the relative restrictiveness of the associated network policy.

15. A system for creating a network policy comprising:
- a transceiver configured to receive, from each of a plurality of participants, a user input selecting one of a plurality of available screen personalities;
  
  a policy recommendation session initiator configured to present the plurality of participants with a policy recommendation session, the policy recommendation session configured to represent each of the plurality of participants using a screen personality corresponding to that participant'"'"'s available screen personality selection; and
  
  a policy suggester configured to present a policy to the plurality of participants;
  
  an opinion collector configured to obtain, from the plurality of participants, network policy recommendations regarding the suggested policy; and
  
  a network policy generator configured to generate the network policy based on the obtained recommendations.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, further comprising:
    - evaluating the network policy by;
      
      generating a network policy compliance value based on monitoring network user compliance for a plurality of network users; and
      
      comparing the compliance value to a target compliance value, wherein the target compliance value defines a baseline for network policy compliance.
  - 17. The system of claim 15 wherein the policy recommendation session further presents the plurality with a facilitator to moderate the policy recommendation session'"'"'s content or time.
  - 18. The system of claim 15 further comprising modifying the generated network policy based on a network user compliance report.
  - 19. The system of claim 15 further comprising:
    - generating one or more additional network policies;
      
      for each of the network policy and the additional network policies, calculating a compliance value indicating network user compliance by a group of users;
      
      automatically analyzing the compliance values to identify an insufficient network policy based on network user compliance with the insufficient network policy; and
      
      automatically substituting a different network policy in place of the insufficient network policy.

20. A system for interactively generating a network policy comprising:
- means for providing a suggested first network policy to a plurality of network users;
  
  means for receiving one or more modified second network policies from at least one of the network users;
  
  means for providing at least one of the second modified network policies to the network users;
  
  means for receiving a group of third modified network policies from the network users; and
  
  means for generating the final network policy based on the modified third network policies from the network users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Longhorn HD LLC (Alpha Alpha Intellectual Partners LLC)
Original Assignee
Yaszistra Fund III LLC (Intellectual Ventures LLC)
Inventors
Jacobson, Andrea M.
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/770,778
Publication Number

US 20130276055A1
Time in Patent Office

483 Days
Field of Search

726/1, 726 22- 26, 709223-224
US Class Current

726/1
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 63/0227   Filtering policies mail mes...

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/20   for managing network securi...

H04L 9/40   Network security protocols

Network policy management and effectiveness system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network policy management and effectiveness system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links