Method and system for creating a record for one or more computer security incidents
First Claim
1. A computer program product for creating a record of one or more computer security incidents, said computer program product comprising:
a computer-readable, tangible storage device;
first program instructions to record information about a computer security incident and a date stamp or time stamp for the computer security incident, the computer security incident information identifying one or more attacks received from a network computer that occur prior to an actual computer security threat;
second program instructions, responsive to the computer security incident information, to classify the computer security incident and identify one or more computer security procedures corresponding to the classification, each of said computer security procedures comprising one or more steps for investigating or mitigating the computer security incident;
third program instructions to generate a display of said one or more computer security procedures;
fourth program instructions to receive a selection from a user of one of said computer security procedures and one or more steps of the selected computer security procedure to mitigate the one or more attacks; and
fifth program instructions to generate and output a record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security procedure, an identity of the user who selected the computer security procedure, and the date stamp and time stamp for the computer security incident, wherein the fifth program instructions record the results of the executed computer security procedure with a digital signature to enable detection of any attempted modification of the record, whereby integrity of the record can be monitored, and wherein said first, second, third, fourth and fifth program instructions are stored on said computer-readable, tangible storage device.
Abstract
A security management system can log, investigate, respond, and track computer security incidents that can occur in a networked computer system. In other words, the security management system can produce a security record of information related to the tracking of suspicious computer activity or actual computer security threats, such as denial of service attacks or other similar compromises to computers or computer networks. The security record can include, but is not limited to, date and times of computer security incidents, a name for a particular security incident, a security management system user, and a potential source of the computer security incident. The security record can be designed as a running log that saves or records all activity of a computer incident source as well as the activity of the security team responding to the computer incident source. To produce the security record, all data that relates to a computer incident and all data that relates to a computer incident response can be sent to a separate protected database, where data is protected by digital signature algorithms (DSAs).
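The abstract and claim 1 describe a tamper-evident incident record: incident information plus a date/time stamp, a classification that selects candidate procedures, the analyst's choice of procedure and steps, the results of executing them, the analyst's identity, and a digital signature over the whole record so that later modification in the protected database can be detected. The following Go program is an added example of that flow and is not code from the patent or its assignee. Ed25519 is this example's choice of signature scheme (the patent says only "digital signature"), the keyword classifier, the procedure table, the `IncidentRecord` field layout and the sample incident are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Procedure is one computer security procedure: a name and its ordered steps.
type Procedure struct {
	Name  string
	Steps []string
}

// IncidentRecord carries the fields enumerated in claim 1. Field order is fixed
// by the struct, so json.Marshal gives a deterministic byte string to sign.
type IncidentRecord struct {
	IncidentInfo   string   `json:"incident_info"`
	Classification string   `json:"classification"`
	Procedure      string   `json:"procedure"`
	StepsExecuted  []string `json:"steps_executed"`
	Results        []string `json:"results"`
	User           string   `json:"user"`
	Timestamp      string   `json:"timestamp"` // RFC 3339 date and time stamp
}

// SignedRecord is what goes to the protected store: the record and an Ed25519
// signature over its canonical JSON (Ed25519 is this example's assumption).
type SignedRecord struct {
	Record    IncidentRecord `json:"record"`
	Signature []byte         `json:"signature"`
}

// procedures maps a classification to candidate procedures (assumed content).
var procedures = map[string][]Procedure{
	"port-scan": {{"Reconnaissance triage", []string{
		"Capture source address and scanned ports from the sensor log",
		"Check whether the source is already on the watch list",
		"Add a temporary ingress filter for the source"}}},
	"denial-of-service": {{"DoS mitigation", []string{
		"Confirm traffic volume against baseline",
		"Rate-limit the source at the border router",
		"Notify upstream provider"}}},
}

// ClassifyIncident derives a classification from the incident description.
// A keyword match stands in for whatever classifier a real system would use.
func ClassifyIncident(info string) string {
	s := strings.ToLower(info)
	switch {
	case strings.Contains(s, "syn flood") || strings.Contains(s, "denial of service"):
		return "denial-of-service"
	case strings.Contains(s, "scan"):
		return "port-scan"
	}
	return "unclassified"
}

// ProceduresFor returns the procedures offered to the analyst for selection.
func ProceduresFor(class string) []Procedure { return procedures[class] }

// BuildRecord assembles the record from the incident information, the analyst's
// selected procedure and step indices, and the result noted for each step.
func BuildRecord(info, user string, proc Procedure, selected []int, results []string, ts time.Time) IncidentRecord {
	steps := make([]string, 0, len(selected))
	for _, i := range selected {
		steps = append(steps, proc.Steps[i])
	}
	return IncidentRecord{IncidentInfo: info, Classification: ClassifyIncident(info),
		Procedure: proc.Name, StepsExecuted: steps, Results: results, User: user,
		Timestamp: ts.UTC().Format(time.RFC3339)}
}

// GenerateKeypair makes the signing key held by the logging component and the
// public key an auditor uses to monitor record integrity.
func GenerateKeypair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign produces the signed record written to the protected store.
func Sign(priv ed25519.PrivateKey, r IncidentRecord) SignedRecord {
	msg, _ := json.Marshal(r) // cannot fail for this struct
	return SignedRecord{Record: r, Signature: ed25519.Sign(priv, msg)}
}

// Verify re-encodes the stored record and checks the signature, so a change to
// any field (user, results, timestamp, ...) after signing is detected.
func Verify(pub ed25519.PublicKey, s SignedRecord) bool {
	msg, err := json.Marshal(s.Record)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, s.Signature)
}

// ExampleRecord builds a record from a constructed sample incident.
func ExampleRecord() IncidentRecord {
	info := "SYN flood from 203.0.113.7 against web-01, 40k pps"
	proc := ProceduresFor(ClassifyIncident(info))[0]
	results := []string{"volume 40k pps vs baseline 800 pps", "rate limit applied on rtr-edge-1"}
	return BuildRecord(info, "analyst.jdoe", proc, []int{0, 1}, results,
		time.Date(2024, 3, 1, 14, 5, 0, 0, time.UTC))
}

func main() {
	pub, priv := GenerateKeypair()
	signed := Sign(priv, ExampleRecord())
	fmt.Println("stored record verifies:", Verify(pub, signed))
	signed.Record.User = "mallory" // simulate tampering inside the store
	fmt.Println("after tampering:", Verify(pub, signed))
}
```

The signature covers the serialized record rather than individual fields, which is what makes the analyst identity and timestamp part of the evidence: an attacker who can write to the database but does not hold the signing key cannot change who took an action or when without the next integrity check failing. In a deployment the private key would live in the logging component (or an HSM) and only the public key would be handed to whoever audits the store.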
19 Claims
1. A computer program product for creating a record of one or more computer security incidents (independent claim; text reproduced in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for creating a record of one or more computer security incidents, said computer program product comprising:
a computer-readable, tangible storage device;
first program instructions to record information about a computer security incident and a date stamp or time stamp for the computer security incident, the computer security incident information identifying one or more attacks received from a network computer that occur prior to an actual computer security threat;
second program instructions, responsive to the computer security incident information, to classify the computer security incident and identify one or more computer security procedures corresponding to the classification, each of said computer security procedures comprising one or more steps for investigating or mitigating the computer security incident;
third program instructions to generate a display of said one or more computer security procedures;
fourth program instructions to receive a selection from a user of one of said computer security procedures and one or more steps of the selected computer security procedure to mitigate the one or more attacks;
fifth program instructions to identify a computer capable of executing a step in the selected computer security procedure; and
sixth program instructions to generate and output a record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security procedure, an identity of the user who selected the computer security procedure, and the date stamp and time stamp for the computer security incident, wherein the sixth program instructions record the results of the executed computer security procedure with a digital signature to enable detection of any attempted modification of the record, whereby integrity of the record can be monitored, and wherein said first, second, third, fourth, fifth, and sixth program instructions are stored on said computer-readable, tangible storage device.
Dependent claims: 9, 10, 11, 12, 13
14. A computer system for creating a record of one or more computer security incidents, said computer system comprising:
a CPU, computer-readable memory, and a computer-readable, tangible storage device;
first program instructions to record information about a computer security incident and a date stamp or time stamp for the computer security incident, the computer security incident information identifying one or more attacks received from a network computer that occur prior to an actual computer security threat;
second program instructions, responsive to the computer security incident information, to classify the computer security incident and identify one or more computer security procedures corresponding to the classification, each of said computer security procedures comprising one or more steps for investigating or mitigating the computer security incident;
third program instructions to generate a display of said one or more computer security procedures;
fourth program instructions to receive a selection from a user of one of said computer security procedures and one or more steps of the selected computer security procedure to mitigate the one or more attacks; and
fifth program instructions to generate and output a record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security procedure, and the date stamp and time stamp for the computer security incident, wherein the fifth program instructions record the results of the executed computer security procedure with a digital signature to enable detection of any attempted modification of the record, whereby integrity of the record can be monitored, and wherein said first, second, third, fourth and fifth program instructions are stored on said computer-readable, tangible storage device for execution by the CPU via the computer-readable memory.
Dependent claims: 15, 16, 17
18. A computer program product for creating a record of one or more computer security incidents, said computer program product comprising:
a computer-readable, tangible storage device;
first program instructions to record information about a computer security incident and a date stamp or time stamp for the computer security incident, the computer security incident information identifying one or more attacks received from a network computer that occur prior to an actual computer security threat;
second program instructions, responsive to the computer security incident information, to classify the computer security incident and identify one or more computer security procedures corresponding to the classification, each of said computer security procedures comprising one or more steps for investigating or mitigating the computer security incident;
third program instructions to generate a display of said one or more computer security procedures;
fourth program instructions to receive a selection from a user of one of said computer security procedures and one or more steps of the selected computer security procedure to mitigate the one or more attacks;
fifth program instructions to generate and output a record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security procedure, an identity of the user who selected the computer security procedure, and the date stamp and time stamp for the computer security incident; and
sixth program instructions to predict future actions of a source of the computer security incident based on a sequence of actions taken by the source, and wherein the sixth program instructions are stored on said computer-readable, tangible storage device, wherein said first, second, third, fourth, fifth, and sixth program instructions are stored on said computer-readable, tangible storage device.
19. A computer system for creating a record of one or more computer security incidents, said computer system comprising:
a CPU, computer-readable memory, and a computer-readable, tangible storage device;
first program instructions to record information about a computer security incident and a date stamp or time stamp for the computer security incident, the computer security incident information identifying one or more attacks received from a network computer that occur prior to an actual computer security threat;
second program instructions, responsive to the computer security incident information, to classify the computer security incident and identify one or more computer security procedures corresponding to the classification, each of said computer security procedures comprising one or more steps for investigating or mitigating the computer security incident;
third program instructions to generate a display of said one or more computer security procedures;
fourth program instructions to receive a selection from a user of one of said computer security procedures and one or more steps of the selected computer security procedure to mitigate the one or more attacks;
fifth program instructions to generate and output a record comprising the computer security incident information, results of execution of the selected one or more steps of the selected computer security procedure, and the date stamp and time stamp for the computer security incident; and
sixth program instructions to predict future actions of a source of the computer security incident based on a sequence of actions taken by the source, and wherein the sixth program instructions are stored on said computer-readable, tangible storage device, wherein said first, second, third, fourth, fifth, and sixth program instructions are stored on said computer-readable, tangible storage device for execution by the CPU via the computer-readable memory.
Specification