Optimizing risk-based compliance of an information technology (IT) system
US9456004B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 5, 2014 |
| Grant date | Sep 27, 2016 |
| Priority date | — |
| Expiry date | Aug 21, 2034 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/1433
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
For each of a plurality of endpoints of an information technology system having a plurality of security policies, a probability of being safe of each of said endpoints is determined according to each of said security policies. Said determining takes into account probability of security compromise for a single violation of each given one of said security policies. A risk-aware compliance metric is determined for said information technology system based on each of said probabilities of being safe for each of said endpoints and each of said policies. At least one of an operation and a remediation is carried out on said information technology system based on said risk-aware compliance metric. Techniques for optimizing risk-aware compliance are also provided.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.