Dynamic enterprise security control based on user risk factors

Assignee

• International Business Machines Corporation · US

Inventors

• Gregory J. Boss · American Fork, US
• Andrew R. Jones · Round Rock, US
• Charles S. Lingafelt · Durham, US
• Kevin C. McConnell · Austin, US
• John E. Moore, Jr. · Pflugerville, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2149
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Aspects dynamically set enterprise-level security rules by assessing risk factors associated with a user. Risk values representing likelihoods of loss of enterprise secure data are determined for different attributes of a user, and added together to generate a user risk factor. If the risk factor does not meet one or more off-site access threshold value(s), additional security enhancements applicable to the user and not enabled within currently applied security are iteratively selected and used to revise the security settings, and the risk factor is revised by a risk abrogation value of each of the selected security enhancements, until either the revised risk factor meets the off-site access threshold value(s) (wherein access is granted to the secure data from the off-site location pursuant to the revised security settings), or until no additional applicable security enhancements are available (wherein user access to the secure data from the off-site location is denied).