TW201102958A - System and method for information risk management - Google Patents
System and method for information risk management Download PDFInfo
- Publication number
- TW201102958A TW201102958A TW98140757A TW98140757A TW201102958A TW 201102958 A TW201102958 A TW 201102958A TW 98140757 A TW98140757 A TW 98140757A TW 98140757 A TW98140757 A TW 98140757A TW 201102958 A TW201102958 A TW 201102958A
- Authority
- TW
- Taiwan
- Prior art keywords
- risk
- information
- information access
- access
- patent application
- Prior art date
Links
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
Description
201102958 六、發明說明: 【發明所屬之技術領域】 尤其係有關於-種管理和資訊存取有 本發明係關於資訊安全, 關的風險的系統與方法。 【先前技術】 代的今天,資訊就是力量,擁有正確的資訊 表革握了競爭的優勢。每一企紫έ日敏田' 、、’、 其本身鮮谨侧MM ^業織日此莫不極為謹慎的保謨 if ϊ傳統上,機密性資訊只限於少數具 鮮上:員(_ personnel)可以存取(access)。這 ::=方法_簡單也易於實施,但是需求有變化時就 個J用者被J為有高風險(risk),那他對系統的存取就 果使用者被認為是安全的,那他對系統的存 常“二ί到,ΐ制。但是’一般賦予一個使用者的權限通 ..5 。一旦賦予,他所為的存取的風險就不會再被評 ㈣.別且系統也通常不具有這種即時稽核(real time auditing )201102958 VI. Description of the invention: [Technical field to which the invention pertains] In particular, there are systems and methods for managing and accessing information in relation to information security and information. [Prior Art] Today, information is power and has the right information. The watch has the advantage of competition. Every enterprise, Ziyu, Mintian, ',, ', its own fresh side, MM, industry, we are not very cautious, if you are traditional, confidential information is limited to a few: _ personnel Can be accessed. This::=method_simple and easy to implement, but when the demand changes, the J user is judged to have a high risk, then his access to the system is considered to be safe, then he The system's existence is often "two, to control. But 'general authority is generally given to a user.. 5. Once given, the risk of his access will not be evaluated again. (4). And the system is usually Does not have such real time auditing
p 。因此’―個有高權限但惡意的使用者得以濫用其權 限,直到危害或重大損失發生後才會被注意到。 有需要#估和監控和各種存取相關的風險,而本發 明就疋針對這樣需求的創作。 【發明内容】 於本^明之-實施例,本發明提供—種計算系統裡—資訊存取 的總風險(total risk)的方法。該方法包含了下列步驟。首 先,建立-種多維度的風險模型,其中每—維度代表一種類型 的風險,接下來,從一資訊存取監控單元(_it〇ring unit) 201102958 接收一資訊存取;接著從各個維度、依據各 (policy) =的座標)’取後,從&些維度的風險(類 於本毛明之另-實施例,本發明提供—種管理系統裡— 取的風險的方法。該方法包含了下列步驟。首先 從二】 則儲存單元(policy storage unit)所取得的準則, 二 資訊存取的多種風險;然後,將該資訊存取存放到一個儲存 ΪμΪ下來,於一控儀(eGntn)lle〇從該些風險計算出—個 ^體^險;接著’再創設-事件(event)將該總體風險和該 -貝訊存取關連(麵date)起來;接下來,透過多個過遽、條件 (filtering criteria)挑選出多個事件;將該些事件呈現於一瀚 iiT^或Γ顯示裝置;以及,將該些過渡條件創設為— I色本(template)。 於本發明之又—實麵,本發贿供—種管㈣統裡—資訊 $風^裝置(apparatus)。該裝置包含了—接收資訊存取 的貧訊存取監控單元、-存放準則的準則儲存#元、以及一鹿 =些準麟魏柄αχ計算其風險、娜範本產生報表的控 制裔。該控制器還可根據過濾條件創設範本。 ,本發明之再-實麵,本發明提供—種呈現事先定義好的、 和貧訊存取顺有_報表的方法。該方法包含了 τ列步驟。 Ιί」從一貧訊存取監控單元接收多個資訊存取;然後,將每 二貧訊存取闕連到-風險,而該風險係依據多個從一準則儲存 :兀所取得的準騎算而得;接下來,從—使用者介面單元接 二報表選擇;紐’難所選㈣絲賴連的過滤條件; 妾者’根據所選擇的報表取出資訊存取;最後,呈現該些資訊 201102958 存取、以及該所選擇的報表。 提供之系統與方法的優點在於能夠辨識異常的資訊 以下將配合所附圖式、實施例之詳細說明及申請專 a辄,將上述及本發明之其他目的與優點詳述於後。然而, 二2,所_式純係為解說本發明之精神而設,不當視為本 之定義。制本發明範紅定義,請參照所附之申請 【實施方式】 於本況明書中’「應用程式(此此) . (raw (aggrefed data)、_修補(p滅)、以及其他碼段(code ΤΙ:僅气夕列不」(eXemPlary) 一詞對所描述的實施例 舉其―例’並不表示有所偏好。此外「基準」 ase me 土準 > 讯」(baseline inf〇rmati〇n )、「基準資料庫 mfZ2!)TlQi} ^ # tfL j (historical behavior ί i": r .,. 徒出的系統揭不一種風險管理的模型 本發明所提出的系統荒集並依照二組 = it (risk ievei),分析有關資訊存取的 adimmstrator),而且可以因為選擇 I W : 係^^明所實知之資訊風險管理機制102之模型 100之不思圖。t貝載險管理機制1〇2包 風險分析1G4、客製化報表1G6、以及複數個顺準 201102958 1險分104係指對系統裡的資訊存取的分析。對資訊存取 的情報的菜集可以是依據不同的風險準則1〇8、不同的風險項 目(risk aspect) 110、以及不同的時間與條件112。風險準則 108的適用,是由系統内所發生的事件與警* 118所觸發。在 風險被分析後,其結果將呈現給系統管理者。其呈現的方 =由系,管理者選擇事先建立好的範本(template) 114、ιΐ6。 f施该貧訊風險管理機制1〇2的系統可以將系統管理者所進 行的風險分析記錄成為未來可重複使用的新範本。p. Therefore, a user with high authority but malicious can abuse his or her authority until the hazard or major loss occurs. There is a need to estimate and monitor the risks associated with various accesses, and the present invention addresses the creation of such requirements. SUMMARY OF THE INVENTION In the present invention, the present invention provides a method for calculating the total risk of information access in a computing system. This method contains the following steps. First, a multi-dimensional risk model is established, in which each dimension represents a type of risk, and then an information access is received from an information access monitoring unit (_it〇ring unit) 201102958; Each of the (policy = coordinates) 'takes the risk from the & dimensions (in the other embodiment of the present invention, the present invention provides a risk management method). The method includes the following Steps: First, from the second] the criteria obtained by the policy storage unit, the multiple risks of the information access; then, the information is stored in a storage ΪμΪ, on a controller (eGntn) lle〇 Calculate the risk from these risks; then 're-create-event (event) to associate the overall risk with the -bein access; then, through multiple conditions, conditions (filtering criteria) picking out a plurality of events; presenting the events to a 瀚 ^ Γ or Γ display device; and, creating the transition conditions as a - I template (template). , Bribery--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Quasi-Lin Weiwei αχ calculates its risk, and Na Fanben produces a report of the control. The controller can also create a template based on the filter conditions. The re-real aspect of the present invention provides a pre-defined and poor The access method has a method of _reporting. The method includes a τ column step. Ιί" receives multiple information accesses from a poor access monitoring unit; and then connects each of the two mortal accesses to the risk, The risk is based on a number of criteria stored in a standard: 准 obtained by quasi-riding; next, from the user interface unit to the second report selection; New 'difficult to select (four) Si Lailian filter conditions; 'Retrieve information access according to the selected report; finally, present the information 201102958 access, and the selected report. The advantage of the system and method provided is that the information that can identify the abnormality will be coordinated with the following figure. example The above and other objects and advantages of the present invention will be described in detail below. However, the singularity of the present invention is set forth to explain the spirit of the present invention, and is not considered to be the definition of the present invention. For the definition of Fan Hong of the present invention, please refer to the attached application [Embodiment] In the context of the article "Application (here). (raw (aggrefed data), _ patch (p), and other code segments (code The term “eXemPlary” does not mean a preference for the described example. In addition, the “baseline” ase me & 土 & ( ( base (baseline inf〇rmati〇n ), "Reference database mfZ2!" TlQi} ^ # tfL j (historical behavior ί i": r .,. The system that is out of the way reveals a model of risk management. The system proposed by the present invention is based on two groups = It (risk ievei), which analyzes the adimmstrator of information access, and can be chosen because of the choice of IW: the system 100 of the information risk management mechanism 102 that is known. t shell insurance management mechanism 1 〇 2 package Risk analysis 1G4, customized report 1G6, and multiple orders 201102958 1 insurance points 104 refers to the analysis of information access in the system. The set of information for information access may be based on different risk criteria 8.1, different risk aspects 110, and different time and conditions 112. The application of risk criteria 108 is triggered by events and alarms that occur within the system. After the risk is analyzed, the results are presented to the system administrator. The party that is presented = by the department, the manager selects the pre-established template 114, ιΐ6. f The system of the risk management mechanism 1〇2 can record the risk analysis performed by the system administrator as a new model for future reusability.
第2圖所示係本發明所實施之風險準則之模型2〇〇之示 風險準則22㈣常由系統管理者所定義、以適用於各個資訊存 取201上。系統依據風險準則22〇然後會觸發設有$同風險 ,的事件與警示。風險可以分類為存取風險(職%础伽、、 行為風險(behaviorrisk) 204、内容風險(c〇ntentrisk) 2〇6、 以及效能風險(perf__ risk) 208。每-風險都是由一使 用者定義的風險準則収義。例如,某些内 :象=卡,庫,而和此内容相關的内容風=二 較南的風險4級。風險準則還可以包括以正規表達式(_扯 eXp_Gn)表示的_字觸搜尋,以 中的某些機密的資料、資訊。 傳輸Figure 2 shows the model of the risk criteria implemented by the present invention. The risk criteria 22 (4) are often defined by the system administrator to apply to the various information stores 201. The system is based on risk criteria 22 and then triggers events and alerts with the same risk. Risks can be classified into access risks (% of the base, behavioral risk (behaviorrisk) 204, content risk (c〇ntentrisk) 2〇6, and performance risk (perf__ risk) 208. Each risk is by a user Defined risk criteria. For example, some inside: elephant = card, library, and content related to this content wind = two more risk level 4. Risk criteria can also include regular expressions (_eXp_Gn) The indicated _ word touch search, with some confidential information and information.
係、有關於使用奴義準則所規範的風險。例如, 糸統官理者可以為和資訊存取相關的某些 J 設定風險等級(触le峰資畴取可關五個為 J (who)提出存取的請求(亦即存取 么’ ,(亦即存取的方法、方式)、存取什麼資^ ^的2G8、從何處(where)存取(亦即存取 置)、以及何時存取(when)(脚存取的時間 = 於本案創作人之「_異常的資訊存取行為之系統盘方法^ 國發明專利申請(申請日98年6月1〇日,申請案號〇_」= 6 201102958 號)說明書内裡有詳細說明。每一資訊存取會在於符合一風險 準則時被賦予一個風險等級、以及記錄所稽核的事件或觸發警 示之一行動(action)。 行為風險204係有關於前述要件’例如使用者設定(user profile )、物件設定(object profile )、方法設定(meth〇d proflle)、Department, there are risks associated with the use of slavish standards. For example, a system administrator can set a risk level for certain Js related to information access (a request for access to five (Jho) for access (ie, access). (that is, the method and method of access), 2G8 of access, ^where access (ie access), and when (when) (foot access time = In the case of the creator of the case, the system file method of the abnormal information access behavior ^ National invention patent application (application date June 1st, 1998, application case number __ = 6 201102958) has a detailed description Each information access will be assigned a risk level when it meets a risk criterion, as well as an event that triggers an audit or an action that triggers an alert. Behavioral risk 204 is related to the aforementioned requirements 'eg user settings (user Profile ), object profile, method setting (meth〇d proflle),
地點設定(location profile)、以及時間設定(time proflle)所 規範的風險。當一個使用者的行為偏離他的使用者設定,其行 為風險的專級就應該被提高。同樣地,當一資料物件在通常的 時間’被某不曾規則地存取該物件的使用者存取、或是用不是 一般的方法存取,其風險等級也該被提高。行為風險2〇4有運 用到像是要件、成員(member)、以及群組(group)等前述發 明專利申請案所揭露的概念。行為風險2〇4是關連(associate) 於一行為設定(behaviorprofile),而行為設定進一步關連於每 一成員群組的每一成員。行為設定本身則是用要件之間的關連 來定義的。這些關連是用位元映像表(bitmap)、計數器 (counter)來實現,每一計數器還進一步具有至少一個限值 ^threshold),而且還具有一個當限值被超越時的風險等級。 當一计數器到達其限值時,一警示會被發出,系統管理者然後 因此可以才取某些行動。 … 效月b風險208和反應時間(reSp〇nse tjme)有關,而且也是g f種設定賴範。每—資訊存取的反應_包含舰器的處走 時間、以^網路傳輸的時間。每一反應時間有被賦予一細 值。對於每一父易(transaction) ’也可以賦予一個交易時尸e (transactiontime)以及限值。同樣地,每一連結(議⑽ 也可以賦予-個連結時間(eGnneetiQn time)以及限值 ,能風險,某些資訊存取可能會需要花到χ微毛 (:職com!),而當存取時間超過χ微秒、或是超過該資气 關連之設續㈣某個限制〇imit)時,其風險等級就該被浪 201102958 高 如前所示,本發明共提供4種風險(存取、行為、内容、效能 =)’而且每-種風險具有—風險等級。由於有這些不同類 險=日=步提供一個代表一資訊存取的總體風險 (,rlsk)的呈現(presentation)方式。第3圖所示係本發 a主現整體風險之-空間模型(spatial m〇dd)之示竟圖。如 =斤?=模型姻下’每一種風險是用-座標軸來呈現。 例如存取風險用X轴上的座標Χ (相對於原點〇)來表示 為=用Υ軸上的座標y來表示,效能風險用w軸上的座標 Γ 險用z轴上的座標z來表示。而整體風險 丁了以用5併各種風險的一種計算方式所得的「距離」D來 i:.^iqi^y2+2tw2) ’其中sqr是平方根的函數, ^ RT=sqr((aV+ b2y2+ cV+ dV)/( a2 +b2 +c2 +d2)) ^ Φ a h M分別代表對存取、行為、内容、效能風險的權值。’ ’ ,上所陳,本發明從風險的角度對―系統提供—清楚的概況 去發明進一步定義各種範本,以便重複進行過 事先定義的準則賦予風險。具有一定風險的資 訊存-事件’而具有急迫性(urgency)的事件構成警 =。楚4 ί件,警示都會被菜集與事先處理以便於未來的分 二,本侧分析風險之翻之示意®。首先,步 的資訊依時序呈現’也就是將事件依發生的先 側、鱼沾j ’步驟404使用過遽條件(fllter)筛選和這些事 例如’某個過據條件是挑出和這些是件關連最 資料i 名的要件)’假設這樣找到的要件是一個 牛i、丄上^個貝料庫屬於what要件),接下來,步驟406進一 中篩選出最常被存取的槽案(這些難是* 要件的成貞)’賴將絲呈薇__介財(抑_咖 201102958 interface,GUI)中。如果系統管理者有意進一步探究這些事 件,他可以在步驟408使用其他過濾條件檢視這些事件與警 示。最後在步驟410,系統管理者可以檢視構成這些事件與警 示背後的資訊存取的原始資料(raw data)。如上所述,本發明 因此容許系統管理者對於系統裡資訊存取的風險情形有—概 觀’然後還可以進一步探究一些高風險的事件與警示的細節。The risk specified by the location profile and time proflle. When a user's behavior deviates from his user's settings, the level of risk behavior should be increased. Similarly, when a data item is accessed by a user who has not regularly accessed the object at the usual time, or is accessed in a non-universal manner, the risk level should be increased. The behavioral risk 2〇4 is applied to the concepts disclosed in the aforementioned patent application, such as requirements, members, and groups. Behavioral risk 2〇4 is associated with a behavior profile, and behavioral settings are further related to each member of each member group. The behavior setting itself is defined by the relationship between the elements. These associations are implemented using bit maps, counters, each counter further having at least one limit ^threshold), and a level of risk when the limit is exceeded. When a counter reaches its limit, an alert is issued and the system administrator can then take certain actions. ... The effect of the monthly b risk 208 is related to the reaction time (reSp〇nse tjme), and it is also the setting of the g f type. The response of each information access _ contains the time of the ship's departure, and the time of transmission by the network. Each reaction time is given a fine value. For each parent, it is also possible to assign a transaction time (transactiontime) and a limit. Similarly, each link (deliberation (10) can also be given a link time (eGnneetiQn time) and limits, which can be risky, and some information accesses may need to be spent on micro-hairs (: com!) When the time exceeds χ microsecond, or exceeds the limit of the asset (4), the risk level should be as high as before. The invention provides four risks (access). , behavior, content, effectiveness =) 'and each risk has a risk level. Because of these different types of risks = day = step provides a presentation of the overall risk (, rlsk) representing an information access. Figure 3 shows the actual image of the overall risk-space model (spatial m〇dd). Such as = kg? = model marriage] each risk is presented by the - coordinate axis. For example, the access risk is expressed by the coordinate Χ on the X-axis (relative to the origin 〇) = is represented by the coordinate y on the Υ axis, and the performance risk is represented by the coordinate z on the z-axis. Said. The overall risk is the "distance" D obtained by a calculation method using 5 and various risks i:.^iqi^y2+2tw2) 'where sqr is a function of the square root, ^ RT=sqr((aV+ b2y2+ cV+ dV )/( a2 +b2 +c2 +d2)) ^ Φ ah M represents the weight of access, behavior, content, and performance risk, respectively. As stated above, the present invention provides a clear overview of the “system” from a risk perspective. The invention further defines various models to repeatedly impose pre-defined criteria to confer risk. An event with a certain risk of information storage-events and urgency constitutes an alarm. Chu 4 ί pieces, warnings will be processed by the dishes and processed in advance to facilitate the future of the second, this side analyzes the risk of turning over the schematic ®. First, the information of the step is presented in time series 'that is, the event is based on the first side of the occurrence, the fish is j', the step 404 is used to filter the condition (fllter) and these things such as 'a certain condition is to pick out and these are The requirements of the most information i name) 'Assume that the requirement for this is a cow i, ^ ^ 个 个 ^ 属于 属于 属于 属于 属于 属于 , , , , , , , , , , , , , , , 406 406 406 406 406 406 406 406 406 406 406 406 406 406 406 406 These difficulties are * 要 要 贞 贞 ' ' ' ' ' ' ' ' ' ' ' ' ' ' 呈 呈 呈 呈 呈 呈 呈 呈 _ _ _ 咖 咖If the system administrator intends to explore these events further, he can view these events and alerts using other filters at step 408. Finally, in step 410, the system administrator can view the raw data that constitutes the access to the information behind these events and alerts. As described above, the present invention thus allows the system administrator to have an overview of the risk profile of information access in the system and then further explore the details of some high risk events and alerts.
第^圖所示係依據本發明一實施例之系統架構5〇〇之示意圖。 如巧所述’所有資訊存取都會被記錄下來並被賦予一風險。這 些資訊存取可以依據特定的時間與過濾條件5〇2加以篩選。時 間與過瀘、條件5〇2還可以用來處理風險相關資訊5〇4以及警示 別。風險相關資5〇4 S應用準則的結果,而且可以在過據 後產出要件的資訊5〇6 (每一風險相關資訊5〇4可以解構 出要件貧tfl):要件侧資訊5G6包含的成貢之間的關連可以 岔:,在情肓中心(intelligenceeenter) 5〇8加以分析與處理。 ίίίϊΐϊ者有需要,情資中心508可以呈現系統所記錄的 不、事件-貝戒51〇,或是資訊存取的原始資料512。 =與,濾條件可以進一步用來選擇與處理存取_、即 資訊二3)警不/14、事件雷達(eVentradar) 516提供的 件。518 關的育訊5〇4、要件相關的資訊506、前1^名事 歸矜ί a ι/ \過濾、條件5G2還可以被情資中心5Q8用來處理 警^ 51^ 1Ve)的事件與警示510、以及原始資料512。即時 立即處置。有急^性的事件’而直接交由情資中心508 發、或是因為為高風險__而觸 及立即的通知用者自的條件。即時警示514通常會涉 等立即傳送如透過電子郵件、簡訊、或語音訊息 低等不即時警示514還可以分成高、中、 用來_所有事^並,雷達516是一個子系統, w王見 '、、"系統官理者。由於事件的數量可能 201102958 非常龐大,所以可以將事件分類集中後再呈現。此外,還可以 ΐί,適,選後呈現前N名的事件518。資源(刪隱)520 $v^rrhat”',w’要件及其成貝。更明確的說,資源 欠1 2 ί用者、資料庫、各個指令。資源520可以被情 負中心508用來處理與解讀事件與警示。 本發n齡對f訊存取進行線上監控。 2各個#料庫之資訊存取的情報,然後呈現 二二—控的對象可以不限於存取,而還可以及於被 存。存取的次數、被存取的紀錄(record)的數量、 以及廷些存取的頻率都可以被蒐集與分析。 運物1 _。如圖所示,首蛛驟6〇2« 备二3L/在’然後在步驟604評估並儲存歸槽。藉此, 取細其存取 發,置等,依據使用者=二=二=及苡 ^存取J以被賦予數個風險’然後再 上 步驟606被歸類為高風險,步驟_會 二 適用的範本。然後在步驟 數範本中選擇-個 報告並呈現給系統管理者。如果=二,本產出分析 擇-個既杨範本,概修本’他也可以選 本,步驟61傳件件== 201102958 析。例如,如果該事件或警示顯示人事資 步驟614的分析可以找出哪些使用去严的風險, 造成這樣提升的風險。又例如該事件或氅= 貝料庫或是 質。又或者’如果該事件或警示顯示一特以口的性 取有過高的失敗次數,步驟614的分析可 I的貝鱗 失敗的存取的性質。絲,純在步驟616 =取 風險存取_的事件’再於步驟618取出 g ==The figure is a schematic diagram of a system architecture 5 according to an embodiment of the present invention. As a matter of fact, all information access is recorded and given a risk. These information accesses can be filtered based on specific time and filter conditions of 5〇2. Time and conditions, conditions 5〇2 can also be used to deal with risk-related information 5〇4 and warnings. The results of the risk-related capital 5〇4 S application criteria, and the information that can be used to produce the requirements after the data is 5〇6 (each risk-related information 5〇4 can deconstruct the requirements of the tfl): the requirements of the 5G6 The connection between the tributes can be analyzed and processed in the intelligence center (5:8). ί ί ϊΐϊ 有 有 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情 情= and , the filter condition can be further used to select and process the access _, ie information 2 3) alarm / 14, event radar (eVentradar) 516. 518 off the education 5〇4, the relevant information 506, the first 1 ^ name 矜 a a a ι / \ filter, condition 5G2 can also be used by the emotional center 5Q8 to deal with the police ^ 51 ^ 1Ve) event and Alert 510, and raw material 512. Immediately dispose of immediately. If there is an urgent event, it is sent directly to the Emotional Center 508, or because it is a high-risk __, it immediately touches the condition of notifying the user. The instant alert 514 will usually be involved in immediate transmission, such as by email, SMS, or voice message, etc. The instant alert 514 can also be divided into high, medium, and _all things, and the radar 516 is a subsystem, w Wang see ',, " system official. Since the number of events may be very large, 201102958, the events can be classified and then rendered. In addition, you can also ΐί, appropriate, after the election of the top N event 518. Resources (deleted) 520 $v^rrhat"', w' requirements and their shells. More specifically, the resource owes 1 2 ί users, databases, instructions. Resources 520 can be used by the emotional center 508 Handling and interpreting events and warnings. The locality of n-ages for online access to f-monitoring. 2 The information access to each of the #库库, and then the object of the second-two control can be not limited to access, but also The number of accesses, the number of records accessed, and the frequency of accesses can be collected and analyzed. Transport 1 _. As shown, the first spider is 6〇2 «Prepare 2L/L' and then evaluate and store it in step 604. By taking the access, send, etc., access J according to user = two = two = and 苡 ^ to be given several risks 'Then again step 606 is classified as high risk, step _ will be applied to the template. Then select one report in the step number template and present it to the system administrator. If = two, this output analysis selects one Yang Fanben, the revision of the book 'he can also choose this, step 61 transmission piece == 201102958 analysis. For example, if the matter The analysis of the personnel or step 614 indicates that the use of the risk is severe, causing the risk of such an increase. For example, the event or 氅 = 贝 或是 或是 质 质 质 又 又 又 又 如果 如果 如果 如果 如果 如果 如果 如果 如果 如果 如果The nature of the mouth is too high for the number of failures, and the analysis of step 614 can be of the nature of the failed access of the shell. I, in purely at step 616 = the event of taking the risk access _ is taken in step 618. ==
訊。接下來’再於步驟620將結果呈現二資 樣客製化的分析與呈現後,系統管理者可以、在;。广成廷 =条件記錄下來並存放在—個新範本裡。這個^本未來 乂驟624被選用來對其他事件或警示重複同樣的分f斤來了在 ^要特色。範本記錄了伽者所採用的 ^有巧條件,因此未來可以贿的進行相同過濾= 依據—個範本所產出的報表時,使用者可以修改ίΐ 的過雜件,修㈣結果可峨絲建立—侧範本。、 明所提出#方法可以是由儲存於電腦可讀取媒介 ir^tereadablemedium)裡的程式所執行。該程式致使一 疋類似的具㈣腦平㈣計算裝置執行本方法的各 t驟。_腦可讀取齡可岐該値器的記憶體、或是_ j的資料庫的記鐘。或者’該t腦可讀取媒介也可以是載 iJT連線電腦的辅助儲存媒體(細ndary storage media), =磁碟、磁帶、光碟、硬式磁碟、快閃記憶體、或是其他習 一口立儲存媒體。第7圖所示係支援本發明所提出方法之系統之 201102958 該系統700包含__眘1 -準則儲存單η V存取'^控早元(m(mitc)ringunit) 702、 p ystwageunit) 7G4、—制者介面單元 儲存單元7G6^i;二=71G '以及一 系統裡的-或多個監視對位於一或多個 左%缺、得廷到貝讯存取監控單元702。這些資訊 存單所儲存單元7〇6、並被控制器710依據準則儲 用以產生準則加以處理。儲存單元706㈤時存放有 風产,乾本。根據這些物’控制器710會得到各種 集這些風險可以計算出—總體風險。—般技藝人 耙1 t隹知準則儲存單元704和儲存單元观可以整合在- 的資ίΐΐΤ?1是存放於不同的準則儲存單元704。處理過 ^使用去」然後透過使用者介面單元观呈現給系統管理 表,而抛ΐΐ以透過使用者介面單元708選擇所想檢視的報 以读7¾°^田土會依照其所依據的範本被產生出來。使用者也可 &勃=面料观修改其中的顧條件。該控制器 連接在=H^=5()8的功能。系統管理者可以透過 ®^) (display unit) f Ilf、6圖所示者並不要求或暗示任何特定的動作順序。這 了德以循序或平行進行。本方法可以實施在一網路設備 由器、或是網路飼服器)的運算裝置裡來執行一系列 ^可唄取的指令(machine readable instructi〇n )。這些指人可 各種承載訊號、健雜據的主要、輔助、或ΐ更i要 =裝置的元件内建的媒體,像是隨機存取記t 外’還可以包含下列機器可讀取的數位或類比的 j儲存媒體.DASE) (direct access st〇mge 如 ,、充辦更碟或磁碟陣列)、磁帶、電子唯讀記憶體(例如r〇m寻 12 201102958 ΕΓ:Μ)、娜趣卡、光學儲存裝置(例如 ROM、WORM、DVD、digital optical tape)、電腦紙核。 4、5、6圖所示 當這些指令為一電腦執行時,該電腦將 的步驟。 乐 i例之詳述,係希望能更加清楚描述本發 ίίϋϊί加=限制。相反地,其目的是希望能涵蓋各種改 ”备丨的安排於本發明所欲申請之專利範圍的範疇内。News. Then, after the results are presented in step 620 for the analysis and presentation of the two-customized customization, the system administrator can; Guang Chengting = conditions are recorded and stored in a new model. This ^ future step 624 was chosen to repeat the same points for other events or warnings. The model records the skillful conditions used by the gambler, so the same filtering can be done in the future. According to the report produced by the model, the user can modify the miscellaneous pieces, and the results can be established. - Side model. The method proposed by Ming can be executed by a program stored in a computer readable medium ir^tereadablemedium. The program causes a similar (four) brain level (four) computing device to perform the various steps of the method. The brain can read the memory of the device, or the clock of the database of _ j. Or 'the t-brain readable medium can also be an auxiliary storage medium (i-ndary storage media) for iJT-connected computers, = disk, tape, CD, hard disk, flash memory, or other sip Store media. Figure 7 is a diagram showing a system supporting the method of the present invention. 201102958. The system 700 includes a __ caution 1 - criterion storage η V access '^ control early element (m (mitc) ringunit) 702, p ystwageunit) 7G4 , the manufacturer interface unit storage unit 7G6^i; two = 71G 'and one or more monitoring pairs in one system are located in one or more left % missing, get to Beixun access monitoring unit 702. These information is stored in the storage unit 7〇6 and processed by the controller 710 in accordance with the criteria storage generation criteria. When the storage unit 706 (five) is stored, there is a wind product and a dry copy. Based on these things, the controller 710 will get various sets of these risks that can be calculated - the overall risk. The general skill 耙1 t knowing criterion storage unit 704 and the storage unit view can be integrated in the different criteria storage unit 704. The processing is used to display the system management table through the user interface unit, and the user interface unit 708 selects the newspaper to be viewed by the user interface unit 708 to read the 73⁄4°^ field, which is generated according to the template according to which it is generated. come out. The user can also modify the conditions in the & This controller is connected to the function of =H^=5()8. The system administrator can use the ®^) (display unit) f Ilf, and the figure shown in Figure 6 does not require or imply any specific sequence of actions. This is done in a sequential or parallel manner. The method can be implemented in a network device or a network server to execute a series of instructions (machine readable instructi〇n). These referents can carry a variety of signals, data, data, data, built-in media, such as random access memory, and can also contain the following machine-readable digits or Analog j storage media. DASE) (direct access st〇mge, for example, to replace disc or disk array), tape, electronic read-only memory (eg r〇m search 12 201102958 ΕΓ: Μ), Naojia , optical storage devices (such as ROM, WORM, DVD, digital optical tape), computer paper core. 4, 5, and 6 are shown in the figure when the instructions are executed by a computer. The details of the music i example, I hope to more clearly describe this issue ίίϋϊί plus = limit. On the contrary, it is intended to cover various modifications that are within the scope of the invention as claimed.
【圖式簡單說明】 ^ 1圖所;ΤΤ縣發崎實施之餘舰f理_之模型之示 思圓。 S圖所讀本判所實施之驗準狀模型之示意圖。 =^圖所示係本發明表達整體風險之模型之示意圖。 圖所不係本發明分析風險之模型之示意圖。 2所,係依據本發明—實施例之系統架構之示意圖。 圖所不係依據本發明一實施例之運作流程圖。 圖所示係支援本發明所提出方法之系統之示意圖。 【主要元件符號說明】 100 風險管理模型 104 風險分析 108 風險準則 112 時間與條件 116 範本 200 風險準則模型 202 存取風險 102 資訊風險管理機制 106 客製化報表 110 風險項目 114 範本 118 事件與警示 201 資訊存取 204 行為風險[Simple description of the map] ^ 1 map; the model of the Yu Shipi implementation of the Yuxian County, the display of the model. A schematic diagram of the collimation model implemented by this judgment in the S-picture. The figure shown in the figure is a schematic diagram of the model for expressing the overall risk of the present invention. The figure is not a schematic diagram of the model for analyzing risk of the present invention. 2 is a schematic diagram of a system architecture in accordance with the present invention. The drawings are not in accordance with an operational flow diagram in accordance with an embodiment of the present invention. The figure shows a schematic diagram of a system that supports the method of the present invention. [Key component symbol description] 100 Risk management model 104 Risk analysis 108 Risk criteria 112 Time and conditions 116 Template 200 Risk criteria model 202 Access risk 102 Information risk management mechanism 106 Customized report 110 Risk item 114 Template 118 Events and alerts 201 Information access 204 behavioral risk
13 20110295813 201102958
206 内容風險 208 效能風險 300 整體風險模型 400 風險分析模型 402〜410 步驟 500 糸統架構 502 時間與過濾條件 504 風險相關資訊 506 要件相關資訊 508 情資中心 510 歸檔的事件與警示 512 原始資料 514 即時警示 516 事件雷達 518 前N名事件 520 資源 600 運作流程 600-626 步驟 700 糸統 702 資訊存取監控單元 704 準則儲存單元 706 儲存單元 708 使用者介面單元 710 控制器 D 距離 0 原點 Rt 整體風險 X,Y,Z,W 座標幸由 x,y,z,w 座標值206 Content Risk 208 Effectiveness Risk 300 Overall Risk Model 400 Risk Analysis Model 402~410 Step 500 System Architecture 502 Time and Filtering Conditions 504 Risk Related Information 506 Requirements Related Information 508 Information Center 510 Archived Events and Alerts 512 Source 514 Instant Warning 516 Event Radar 518 Top N Event 520 Resource 600 Operation Flow 600-626 Step 700 System 702 Information Access Monitoring Unit 704 Criterion Storage Unit 706 Storage Unit 708 User Interface Unit 710 Controller D Distance 0 Origin Rt Overall Risk X, Y, Z, W coordinate by x, y, z, w coordinates
1414
Claims (1)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/497,981 US8631081B2 (en) | 2008-11-12 | 2009-07-06 | System and method for information risk management |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201102958A true TW201102958A (en) | 2011-01-16 |
TWI444920B TWI444920B (en) | 2014-07-11 |
Family
ID=44838281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW98140757A TWI444920B (en) | 2009-07-06 | 2009-11-30 | System and method for information risk management |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI444920B (en) |
-
2009
- 2009-11-30 TW TW98140757A patent/TWI444920B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI444920B (en) | 2014-07-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10558684B2 (en) | Auditing database access in a distributed medical computing environment | |
US11909881B2 (en) | Digital asset management | |
US11550921B2 (en) | Threat response systems and methods | |
US9348879B2 (en) | Data lineage transformation analysis | |
US12014333B2 (en) | Misconduct metrics reporting generation and rendering engine apparatuses, methods, systems and media | |
US11809565B2 (en) | Security for private data inputs to artificial intelligence models | |
US10353531B2 (en) | System and method for building customized web applications within a domain | |
CN117273429A (en) | Event monitoring method, system, electronic equipment and storage medium | |
CN112685443A (en) | Data query method and device, electronic equipment and computer readable storage medium | |
US9230004B2 (en) | Data processing method, system, and computer program product | |
US20220028008A1 (en) | Signals-based data syndication and collaboration | |
EP3816782B1 (en) | Data reconstruction method, apparatus and storage medium | |
CN114708941B (en) | Health data-based management method and equipment | |
TW201102958A (en) | System and method for information risk management | |
US20230251959A1 (en) | System and Method for Generating Synthetic Test Data | |
EP3480821B1 (en) | Clinical trial support network data security | |
CN108683581A (en) | Mail triggering method and device, electronic equipment and computer readable storage medium | |
US20230195806A1 (en) | Real-time crawling | |
CN118260110A (en) | Fault exercise method, device, computer equipment, storage medium and program product | |
CN108874621B (en) | File monitoring method and device, electronic equipment and computer readable storage medium | |
CN117333134A (en) | Flow notifying method, apparatus, computer device, storage medium and program product | |
CN117370294A (en) | File updating method, device, computer equipment and storage medium | |
CN117557951A (en) | Power grid abnormal event monitoring method, device, computer equipment and storage medium | |
CN116938681A (en) | Twin data auditing method and device of network element equipment and computer equipment | |
CN114943597A (en) | Intelligent tax supervision method and equipment based on block chain and storage medium |