41 results about "Information security policy" patented technology

The present invention relates to the automatic detection of sensitive digital information, and the identification methods, application and enforcement of information security policies for digital information controlled through a software permission wrapper throughout the useful life of the information. This invention includes a unique taxonomy that defines the policies and rules regarding how the information is controlled automatically throughout its useful lifecycle based on the type of information, the stage of the information lifecycle, the user / group role accessing the information, the locality of the information, and the expected threats to the information. The taxonomy is maintained in a database that associates information security control policies and actions to sensitive data. These policies are enforced through a software permission wrapper that is used to encapsulate sensitive digital information. The software permission wrapper is used to control access and enforce digital rights to the information based on the taxonomy based policies for that information. The permission wrapper can automatically change the protection of the information based on pre-defined protection states that can automatically enforce discretionary access control rights to the sensitive information controlled in the permission wrapper. The changes to the level of protection occur dynamically based on changes in user locality, stage of information lifecycle, and user / group role and the detection of threats. In addition, there is provided an internal audit capability describing what actions the user has performed, where the data is located, with whom and how the data has been shared.

Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and / or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and / or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

A method and apparatus for creating a policy based on a pre-configured template is described. In one embodiment, source data having a tabular structure is identified. Further, one of multiple policy templates is used to automatically create a policy for detecting information from any one or more rows within the tabular structure of the source data.

In order to provide an information security policy evaluation system in which information security policies can be efficiently and appropriately defined and operated in an organization, such as a corporation, treated threats operated on a second site are transmitted from a second information processing apparatus on the second site to a first information processing apparatus on a first site, threat information is transmitted from a third site collecting information on threats to the first information processing apparatus on the first site. The first information processing apparatus extracts treated threats which have been effective for threats having occurred actually, and untreated threats, out of the received treated threat and generates an evaluation report in which these are described. Moreover, a compensation amount of insurance against threats is changed based on the generated evaluation report.

Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and / or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and / or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

An image forming apparatus which is capable of making a user aware of a violation of an information security policy. A network communication unit receives data having a user ID attached thereto from an external apparatus. A printing unit prints an image based on the data. A control unit executes user authentication using the user ID attached to the data and determines, when the user authentication is successful, whether or not a password expiration date of the user has passed. When it is determined that the password expiration date has passed, the control unit restricts printing of the image to be printed based on the data having the user ID attached thereto.

Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and / or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and / or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

A method, apparatus and computer program product for policy-based access control in association with a sorted, distributed key-value data store in which keys comprise n-tuple structure that includes a cell-level access control. In this approach, an information security policy is used to create a set of pluggable policies. A pluggable policy may be used during data ingest time, when data is being ingested into the data store, and a pluggable policy may be used during query time, when a query to the data store is received for processing against data stored therein. Generally, a pluggable policy associates one or more user-centric attributes (or some function thereof), to a particular data-centric label. By using pluggable policies, preferably at both ingest time and query time, the data store is enhanced to provide a seamless and secure policy-based access control mechanism in association with the cell-level access control enabled by the data store.

Disclosed is a system and method for detecting and mitigating the writing of sensitive or prohibited information to memory or communication media. The method includes detecting if an application is to write data to a memory, rerouting the writing of that data, and scanning the data for sensitive content or prohibited information. The scanning is done in accordance with one or more information security policies. If sensitive information is detected, the system has the option of issuing an alarm and / or preventing the sensitive information from being written, depending on the security policy. If the system permits the sensitive information to be written to memory, the system may spawn a file watcher object, which waits for a specified amount of time and then checks to see if the sensitive information has been deleted. If not, the system may issue an alarm or erase the sensitive information, depending on the security policy.

An image forming apparatus which is capable of making a user aware of a violation of an information security policy. A network communication unit receives data having a user ID attached thereto from an external apparatus. A printing unit prints an image based on the data. A control unit executes user authentication using the user ID attached to the data and determines, when the user authentication is successful, whether or not a password expiration date of the user has passed. When it is determined that the password expiration date has passed, the control unit restricts printing of the image to be printed based on the data having the user ID attached thereto.

Described is a system for enforcing software policies. The system transforms an original software by inserting additional instructions into the original software. The additional instructions have the effect of determining, at run-time, whether proceeding with execution of the original software is in accordance with a predefined policy. Transforming the original software relies on software analysis to determine whether any run-time checks normally inserted into the original software can be safely omitted. The transformed software prevents unauthorized information from passing to the network.

An image processing apparatus that is capable of appropriately applying security policy data based on an information security policy. Security policy data containing a policy name of a security policy and a security policy setting value corresponding to the policy name is applied to the image processing apparatus. An obtaining unit obtains updating security policy data for updating the security policy data. An application version determination unit determines whether the updating security policy data obtained by the obtaining unit will be applied according to a predetermined application version setting value, when a version of the updating security policy data differs from a version of security policy data that is being applied actually. An application unit applies the updating security policy data when the application version determination unit determines that the updating security policy data will be applied.

An image processing apparatus which enables a user to change the user mode while maintaining the state compliant with the information security policy. A network communication section receives security policy data in which information security policy is described from an external apparatus. A CPU identifies an operation mode of the image processing apparatus based on the received security policy. The CPU configures the identified operation mode such that the information security policy is satisfied.

The invention provides a system of USB mobile storage medium security isolation and monitoring management. In the system, U disk isolator equipment is used for physically isolating the U disks of the users from hosts. Several file security policies are set and allocated for each equipment by a network management system. The files are only allowed to enter into the system or be copied onto the U disks as long as the files are in consistent with the security policies. Audit data are generated for each file access to the system so as to be convenient for tracing the information flow direction. Through the mode of software and hardware combination, the invention thoroughly solves the problem of security when the internal network system with information security and confidentiality requirements receives and acquires the mobile storage media data of the external network. Information security places emphasis on prevention and control, and the invention adopts the file security policy management mode, just embodying the emphasis, thus being a quite effective monitoring management means for the condition that the internal network system uses the USB mobile storage media.

The invention relates to the technical field of information safety, in particular to a collaborative analysis method of information security operation centers. An internetwork collaborative module of one of the security operation centers sends suspected threat information, then a safety event management module analyzes the suspected threat information, and it is determined that a threat is found if the threat meets the standard of a certain attack event; a receiver finding the threat informs a sender of the suspected threat and other security operation centers of confirmation information through the internetwork collaborative module; a requester takes corresponding measures through a safety strategy library; if the sender does not find the threat by himself, correlation analysis of the second stage is carried out by communication between the sender and other receivers; all the security operation centers take corresponding measures for response after receiving the information. The collaborative analysis method of the information security operation centers achieves the collaborative analysis of the information security operation centers and can be used for the security operation centers for information security operation.

The invention discloses a unified risk quantitative evaluation method for instrument functional safety and information security strategy. The method of the invention specifically includes establishing an instrument integrated causal failure model in combination with an attack tree and a fault tree; Calculate the failure probability of each functional module of the instrument by means of the possibility and other methods; according to the attributes of the security policy, analyze the instrument security vulnerabilities that can be mitigated by the instrument functional safety and information security policies and the corresponding policy implementation effects; add The protection node establishes an instrument security policy evaluation model; through expert scoring of each functional module of the instrument, quantitative evaluation of the instrument functional safety and information security strategy is carried out according to the change of risk value before and after the implementation of the security policy. The invention can provide a certain theoretical basis for the deployment of the safety strategy in the instrument design process, and improves the accuracy compared with the qualitative evaluation in the current safety standards.

The invention discloses a security policy generation system for computer network emergency response, which is characterized in that: the security policy generation module starts and receives the attack event information, and the security policy generation module calls the preset definition information of the attack event in the database, and then Comparing the attack event information with the preset definition information of the attack event in the database, the security policy generation module will determine the corresponding response mode set A, and then the security policy generation module will perform policy analysis and screening on the determined corresponding response mode set A. After analysis and screening, a subset of response methods is obtained. Finally, the security policy generation module selects the response method with the highest comprehensive coefficient as the final response method according to the policy control principle. This system is a network that responds quickly, troubleshoots quickly, and recovers effectively. Emergency troubleshooting system.