WO2023277846A1 - A security system - Google Patents

A security system Download PDF

Info

Publication number
WO2023277846A1
WO2023277846A1 PCT/TR2022/050615 TR2022050615W WO2023277846A1 WO 2023277846 A1 WO2023277846 A1 WO 2023277846A1 TR 2022050615 W TR2022050615 W TR 2022050615W WO 2023277846 A1 WO2023277846 A1 WO 2023277846A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
firm
intuitive
data
information
Prior art date
Application number
PCT/TR2022/050615
Other languages
French (fr)
Inventor
Mehmet Hakan KAYMAK
Zeynep CETIN
Pelin Ecem OZTURK
Original Assignee
Dogus Bilgi Islem Ve Teknoloji Hiz. A.S.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dogus Bilgi Islem Ve Teknoloji Hiz. A.S. filed Critical Dogus Bilgi Islem Ve Teknoloji Hiz. A.S.
Publication of WO2023277846A1 publication Critical patent/WO2023277846A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/252Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to a system which enables to perform the communication between units that are included in organizations and responsible for the security of information within the organization and different workers in the said organization in a coordinated way, and ensures that the officials in the senior management unit within organizations can instantly monitor violations of information security in the organization.
  • a security system which enables to display the security notifications, that are sent over existing security services, to company employees on a role-based basis; to enrich the data, that are received from human resources and active directory, while the security notifications are displayed to the company employees; to process the collected data and then prioritize the said data according to the risk calculation; to enable the company employees to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group, without the company employees passing over the data traffic over themselves and then controlling it, without preventing data transfers in the company, without using monitoring agents and interface of application programs.
  • the United States patent document no. US10148694B1 discloses a system for data loss prevention (DLP) by monitoring the file system activity of an application having a network connection.
  • a DLP agent tracks the file system activity (e.g., opening and reading files) initiated by an application.
  • the DLP agent intercepts the file system activity and evaluates a file specified by the file system operation to determine whether the file includes sensitive data or not. If such data is detected, the DLP agent enables to prevent transmission of sensitive data by blocking the file system activity or removing the sensitive data from the file.
  • the objective of the present invention is to realize a security system which enables to display the security notifications, that are sent over existing security services, to company employees on a role-based basis; to enrich the data, that are received from human resources and active directory, while the security notifications are displayed to the company employees; to process the collected data and then prioritize the said data according to the risk calculation; to enable the company employees to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group, without the company employees passing over the data traffic over themselves and then controlling it, without preventing data transfers in the company, without using monitoring agents and interface of application programs.
  • Figure 1 is schematic view of the inventive security system.
  • the inventive security system (1) which enables to enables to perform the communication between units that are included in organizations and responsible for the security of information within the organization and different workers in the said organization in a coordinated way, and ensures that the officials in the senior management unit within organizations can instantly monitor violations of information security in the organization comprises:
  • At least one electronic device (2) which is configured to enable firm employees, security teams and officials to communicate with other persons;
  • At least one database (4) which connects with an intuitive security application (3) and is configured to store the data entered over an intuitive security application (3) and/or used by the external service, and the rule sets related to the actions to be taken according to the data;
  • - at least one server (5) which connects with an intuitive security application (3), the database (4), the external services (ES) and the security services (SS) in the firm (F) and is configured to access the data transmitted from the external services (ES) and the security services (SS); to monitor the transfers of data -that are considered as critical- within the firm (F) by evaluating the accessed data with the rule set in the database (4); and to inform the security teams in the firm (F) about determining whether the alarms occurring in the security service (ES) are within the scope of business needs or not.
  • the electronic device (2) included in the inventive system (1) is a smart device such as a mobile phone, tablet or computer configured to enable employees, managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, and help desk teams of information technologies within the firm (F) to communicate with other persons.
  • An intuitive security application (3) included in the inventive system (1) is configured to enable all employees using the electronic device (2) to access data in accordance with their roles and responsibilities in the service of information security management in the said firm (F), by connecting with external services (ES) such as human resources in the firm (F) and remote access, and security services (SS) such as prevention of data loss, security management and event management.
  • An intuitive security application (3) is configured to ensure that the notifications and outputs of information security processes produced by the cyber security and information security teams, audit and compliance teams, information technologies teams in the external services (ES) and security services (SS) included in the firm (F) are understandable by different business units within the firm (F).
  • An intuitive security application (3) is configured to ensure that screens customized for different roles such as managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, help desk teams of information technologies in the firm (F) are displayed on the electronic device (2), by running on the electronic device (2).
  • An intuitive security application (3) is configured to enable the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to ensure that different role-based authorization assignments are made to security groups according to the department they are associated with.
  • An intuitive security application (3) is configured to transmit the role-based authorization information related to the security groups on itself in the active directory, to the database (4).
  • An intuitive security application (3) is configured to connect with external services (ES) in the firm (F) such as human resources and remote access via web service protocols.
  • An intuitive security application (3) is configured to connect with security systems (S) in the firm (F) such as DLP, DAM, FAM and SIEM via JDBC and Syslog protocols.
  • an intuitive security application (3) is configured to enable an authorized user in the firm (F) to create information security measurement criteria and key performance indicators with the interface included on itself.
  • the database (4) included in the inventive system (1) is configured to store information security measurement criteria and key performance indicators created on an intuitive security application (3), in the library on itself by connecting with an intuitive security application (3).
  • the server (5) included in the inventive system (1) is configured to access the data transmitted from external services (ES) and security services (SS), and to evaluate the accessed data based on security parameters such as measurement scores of information security effectiveness, violation events of information security, outputs of risk analysis, critical security vulnerabilities detected, and audit findings.
  • the server (5) is configured to detect information such as requirements arising from business processes, cyber security condition in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F), by evaluating the data accessed from external services (ES) and security services (SS) according to security parameters.
  • the server (5) is configured to create security units by enriching information such as requirements arising from business processes, cyber security status in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F) with the data in human resources and active directory in the firm (F) and to enable the firm (F) authorities running the application (3) to display security notifications on the interface of an application (3) according to the roles and authorizations assigned to the security group in the active directory, by transmitting security notifications to an intuitive security application (3).
  • employees working in the firm (F) can view the security notifications produced on the server (5) by running an intuitive security application (3) on their electronic devices (2).
  • An intuitive security application (3) included in the system (1) connects with various external services (ES) and security services (SS) in the firm (F).
  • An intuitive security application (3) enables the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to perform different role-based authorization assignments to security groups according to the department they are associated with.
  • the security notifications transmitted from the server (5) are displayed in a different way by different departments in the firm (F) by means of an intuitive application (3).
  • the server (5) creates a security notification by detecting audit findings such as measurement scores of information security effectiveness, information security violation events, outputs of risk analysis and critical security vulnerabilities detected on the accessed data, by connecting with various external services (ES) and security services (SS) in firm (F). Security notifications are transmitted to an intuitive security application (3) via the server (5).
  • ES external services
  • SS security services
  • the inventive system (1) it is ensured that the security notifications, that are sent over existing security services, are displayed to company employees on a role- based basis; the data, that are received from human resources and active directory, are enriched while the security notifications are displayed to the company employees; the collected data are processed and then the said data are prioritized according to the risk calculation; the company employees are enabled to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a system (1) which enables to perform the communication between units that are included in organizations and responsible for the security of information within the organization and different workers in the said organization in a coordinated way, and ensures that the officials in the senior management unit within organizations can instantly monitor violations of information security in the organization.

Description

A SECURITY SYSTEM Technical Field
The present invention relates to a system which enables to perform the communication between units that are included in organizations and responsible for the security of information within the organization and different workers in the said organization in a coordinated way, and ensures that the officials in the senior management unit within organizations can instantly monitor violations of information security in the organization.
Background of the Invention
Today, institutions and companies have to protect a variety of data generated in their own units. Various security systems such as DLP (data loss prevention) and SIEM (security information and event management), which prevent leakage of intra-company (in-house) data to external environment and/or systems, are used by the said institutions. The said security systems and/or software cannot detect data theft, data sabotage on the said data by means of alarms created in accordance with certain rules by analyzing the data generated in the institution. While detecting whether the occurring alarms are beyond the scope of business requirement, the said alarms should be evaluated by different units other than security teams. However, the fact that data security evaluations are carried out throughout the company by a single employee or team reduces the effectiveness of security controls in the organization because of the problem that important parameters cannot be evaluated. Besides, parameters such as evaluation of requirements arising from business processes, evaluation of the cyber security status by the management, delaying controls due to the large number of notifications examined, employee loyalty in the company, suspicious activities of an employee and the criticality of transferred data should be evaluated on the security system in an institution. Yet, in the state of art, there is no solution which enables to display the security notifications, that are sent over existing security services, to company employees on a role-based basis; to enrich the data, that are received from human resources and active directory, while the security notifications are displayed to the company employees; to process the collected data and then prioritize the said data according to the risk calculation; to enable the company employees to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group.
Due to the above-mentioned reasons, there is need for a security system which enables to display the security notifications, that are sent over existing security services, to company employees on a role-based basis; to enrich the data, that are received from human resources and active directory, while the security notifications are displayed to the company employees; to process the collected data and then prioritize the said data according to the risk calculation; to enable the company employees to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group, without the company employees passing over the data traffic over themselves and then controlling it, without preventing data transfers in the company, without using monitoring agents and interface of application programs.
The United States patent document no. US10148694B1, an application in the state of the art, discloses a system for data loss prevention (DLP) by monitoring the file system activity of an application having a network connection. In the inventive system, a DLP agent tracks the file system activity (e.g., opening and reading files) initiated by an application. The DLP agent intercepts the file system activity and evaluates a file specified by the file system operation to determine whether the file includes sensitive data or not. If such data is detected, the DLP agent enables to prevent transmission of sensitive data by blocking the file system activity or removing the sensitive data from the file.
Summary of the Invention
The objective of the present invention is to realize a security system which enables to display the security notifications, that are sent over existing security services, to company employees on a role-based basis; to enrich the data, that are received from human resources and active directory, while the security notifications are displayed to the company employees; to process the collected data and then prioritize the said data according to the risk calculation; to enable the company employees to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group, without the company employees passing over the data traffic over themselves and then controlling it, without preventing data transfers in the company, without using monitoring agents and interface of application programs.
Detailed Description of the Invention
“A Security System” realized to fulfil the objective of the present invention is shown in the figure attached, in which:
Figure 1 is schematic view of the inventive security system.
The components illustrated in the figure are individually numbered, where the numbers refer to the following:
1. System
2. Electronic device
3. An intuitive security application 4. Database
5. Server F. Firm
ES. External service SS. Security service
The inventive security system (1) which enables to enables to perform the communication between units that are included in organizations and responsible for the security of information within the organization and different workers in the said organization in a coordinated way, and ensures that the officials in the senior management unit within organizations can instantly monitor violations of information security in the organization comprises:
- at least one electronic device (2) which is configured to enable firm employees, security teams and officials to communicate with other persons;
- at least one intuitive security application (3) which is run on the electronic device (2) and configured to enable the security teams in the firm (F) to enter data into the interface included on the intuitive security application and/or to view the stored data;
- at least one database (4) which connects with an intuitive security application (3) and is configured to store the data entered over an intuitive security application (3) and/or used by the external service, and the rule sets related to the actions to be taken according to the data; and
- at least one server (5) which connects with an intuitive security application (3), the database (4), the external services (ES) and the security services (SS) in the firm (F) and is configured to access the data transmitted from the external services (ES) and the security services (SS); to monitor the transfers of data -that are considered as critical- within the firm (F) by evaluating the accessed data with the rule set in the database (4); and to inform the security teams in the firm (F) about determining whether the alarms occurring in the security service (ES) are within the scope of business needs or not. The electronic device (2) included in the inventive system (1) is a smart device such as a mobile phone, tablet or computer configured to enable employees, managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, and help desk teams of information technologies within the firm (F) to communicate with other persons.
An intuitive security application (3) included in the inventive system (1) is configured to enable all employees using the electronic device (2) to access data in accordance with their roles and responsibilities in the service of information security management in the said firm (F), by connecting with external services (ES) such as human resources in the firm (F) and remote access, and security services (SS) such as prevention of data loss, security management and event management. An intuitive security application (3) is configured to ensure that the notifications and outputs of information security processes produced by the cyber security and information security teams, audit and compliance teams, information technologies teams in the external services (ES) and security services (SS) included in the firm (F) are understandable by different business units within the firm (F). An intuitive security application (3) is configured to ensure that screens customized for different roles such as managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, help desk teams of information technologies in the firm (F) are displayed on the electronic device (2), by running on the electronic device (2). An intuitive security application (3) is configured to enable the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to ensure that different role-based authorization assignments are made to security groups according to the department they are associated with. An intuitive security application (3) is configured to transmit the role-based authorization information related to the security groups on itself in the active directory, to the database (4). An intuitive security application (3) is configured to connect with external services (ES) in the firm (F) such as human resources and remote access via web service protocols. An intuitive security application (3) is configured to connect with security systems (S) in the firm (F) such as DLP, DAM, FAM and SIEM via JDBC and Syslog protocols. Also, an intuitive security application (3) is configured to enable an authorized user in the firm (F) to create information security measurement criteria and key performance indicators with the interface included on itself.
The database (4) included in the inventive system (1) is configured to store information security measurement criteria and key performance indicators created on an intuitive security application (3), in the library on itself by connecting with an intuitive security application (3).
The server (5) included in the inventive system (1) is configured to access the data transmitted from external services (ES) and security services (SS), and to evaluate the accessed data based on security parameters such as measurement scores of information security effectiveness, violation events of information security, outputs of risk analysis, critical security vulnerabilities detected, and audit findings. The server (5) is configured to detect information such as requirements arising from business processes, cyber security condition in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F), by evaluating the data accessed from external services (ES) and security services (SS) according to security parameters. The server (5) is configured to create security units by enriching information such as requirements arising from business processes, cyber security status in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F) with the data in human resources and active directory in the firm (F) and to enable the firm (F) authorities running the application (3) to display security notifications on the interface of an application (3) according to the roles and authorizations assigned to the security group in the active directory, by transmitting security notifications to an intuitive security application (3).
Industrial Application of the Invention
In the inventive system (1), employees working in the firm (F) can view the security notifications produced on the server (5) by running an intuitive security application (3) on their electronic devices (2). An intuitive security application (3) included in the system (1) connects with various external services (ES) and security services (SS) in the firm (F). An intuitive security application (3) enables the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to perform different role-based authorization assignments to security groups according to the department they are associated with. Thus, the security notifications transmitted from the server (5) are displayed in a different way by different departments in the firm (F) by means of an intuitive application (3). However, the managers in the firm (F) can instantly monitor the activity of information security through an intuitive security application (3) in the system (1). The server (5) creates a security notification by detecting audit findings such as measurement scores of information security effectiveness, information security violation events, outputs of risk analysis and critical security vulnerabilities detected on the accessed data, by connecting with various external services (ES) and security services (SS) in firm (F). Security notifications are transmitted to an intuitive security application (3) via the server (5).
With the inventive system (1) it is ensured that the security notifications, that are sent over existing security services, are displayed to company employees on a role- based basis; the data, that are received from human resources and active directory, are enriched while the security notifications are displayed to the company employees; the collected data are processed and then the said data are prioritized according to the risk calculation; the company employees are enabled to view the intra-company security notifications based on the active directory groups wherein they are members of and the authorizations assigned to the said group.
It is possible to develop various embodiments of the inventive security system (1); the invention cannot be limited to examples disclosed herein and it is essentially according to claims.

Claims

1. A security system (1) which enables to enables to perform the communication between units that are included in organizations and responsible for the security of information within the organization and different workers in the said organization in a coordinated way, and ensures that the officials in the senior management unit within organizations can instantly monitor violations of information security in the organization; comprising
- at least one electronic device (2) which is configured to enable firm employees, security teams and officials to communicate with other persons; characterized by
- at least one intuitive security application (3) which is run on the electronic device (2) and configured to enable the security teams in the firm (F) to enter data into the interface included on the intuitive security application and/or to view the stored data;
- at least one database (4) which connects with an intuitive security application (3) and is configured to store the data entered over an intuitive security application (3) and/or used by the external service, and the rule sets related to the actions to be taken according to the data; and
- at least one server (5) which connects with an intuitive security application (3), the database (4), the external services (ES) and the security services (SS) in the firm (F) and is configured to access the data transmitted from the external services (ES) and the security services (SS); to monitor the transfers of data -that are considered as critical- within the firm (F) by evaluating the accessed data with the rule set in the database (4); and to inform the security teams in the firm (F) about determining whether the alarms occurring in the security service (ES) are within the scope of business needs or not.
2. A security system (1) according to claim 1; characterized by the electronic device (2) which is a smart device such as a mobile phone, tablet or computer, configured to enable employees, managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, and help desk teams of information technologies within the firm (F) to communicate with other persons.
3. A security system (1) according to Claim 1 or 2; characterized by an intuitive security application (3) which is configured to enable all employees using the electronic device (2) to access data in accordance with their roles and responsibilities in the service of information security management in the said firm (F), by connecting with external services (ES) such as human resources in the firm (F) and remote access, and security services (SS) such as prevention of data loss, security management and event management.
4. A security system (1) according to any one of the preceding claims, characterized by an intuitive security application (3) which is configured to ensure that the notifications and outputs of information security processes produced by the cyber security and information security teams, audit and compliance teams, information technologies teams in the external services (ES) and security services (SS) included in the firm (F) are understandable by different business units within the firm (F).
5. A security system (1) according any one of the preceding claims; characterized by an intuitive security application (3) which is configured to ensure that screens customized for different roles such as managers, internal audit and compliance teams, cyber security teams, members of information security committees and risk committees, department managers, help desk teams of information technologies in the firm (F) are displayed on the electronic device (2), by running on the electronic device (2).
6. A security system (1) according any one of the preceding claims; characterized by an intuitive security application (3), which is configured to enable the said managers to create security groups according to different departments and units in the firm (F) within the active directory by running on the electronic devices (2) of the managers in the firm (F), and to ensure that different role-based authorization assignments are made to security groups according to the department they are associated with.
7. A security system (1) according any one of the preceding claims; characterized by an intuitive security application (3) which is configured to transmit the role- based authorization information related to the security groups on itself in the active directory, to the database (4).
8. A security system (1) according any one of the preceding claims; characterized by an intuitive security application (3) which is configured to connect with external services (ES) in the firm (F) such as human resources and remote access via web service protocols.
9. A security system (1) according any one of the preceding claims; characterized by an intuitive security application (3) which is configured to connect with security systems (S) in the firm (F) such as DLP, DAM, FAM and SIEM via JDBC and Syslog protocols.
10. A security system (1) according any one of the preceding claims; characterized by an intuitive security application (3) which is configured to enable an authorized user in the firm (F) to create information security measurement criteria and key performance indicators with the interface included on itself.
11. A security system (1) according any one of the preceding claims; characterized by the database (4) which is configured to store information security measurement criteria and key performance indicators created on an intuitive security application (3), in the library on itself by connecting with an intuitive security application (3).
12. A security system (1) according any one of the preceding claims; characterized by the server (5) which is configured to access the data transmitted from external services (ES) and security services (SS), and to evaluate the accessed data based on security parameters such as measurement scores of information security effectiveness, violation events of information security, outputs of risk analysis, critical security vulnerabilities detected, and audit findings.
13. A security system (1) according any one of the preceding claims; characterized by a server (5) which is configured to detect information such as requirements arising from business processes, cyber security condition in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F), by evaluating the data accessed from external services (ES) and security services (SS) according to security parameters.
14. A security system (1) according any one of the preceding claims; characterized by a server (5) which is configured to create security units by enriching information such as requirements arising from business processes, cyber security status in the firm (F), company loyalty of the employee in the firm (F), suspicious activities of the employee of the firm (F) and the criticality of the data transferred to the firm (F) and/or from the firm (F) with the data in human resources and active directory in the firm (F) and to enable the firm (F) authorities running the application (3) to display security notifications on the interface of an application (3) according to the roles and authorizations assigned to the security group in the active directory, by transmitting security notifications to an intuitive security application (3).
PCT/TR2022/050615 2021-06-28 2022-06-20 A security system WO2023277846A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2021/010488 2021-06-28
TR2021010488 2021-06-28

Publications (1)

Publication Number Publication Date
WO2023277846A1 true WO2023277846A1 (en) 2023-01-05

Family

ID=84692380

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2022/050615 WO2023277846A1 (en) 2021-06-28 2022-06-20 A security system

Country Status (1)

Country Link
WO (1) WO2023277846A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116192529A (en) * 2023-03-10 2023-05-30 广东堡塔安全技术有限公司 Third party server safety management system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097149A1 (en) * 2003-11-05 2005-05-05 Lumigent Technologies, Inc. Data audit system
US20110178986A1 (en) * 2005-11-28 2011-07-21 Commvault Systems, Inc. Systems and methods for classifying and transferring information in a storage network
US20170076057A1 (en) * 2014-03-06 2017-03-16 David Burton Mobile data management system
CN109388642A (en) * 2018-10-23 2019-02-26 北京计算机技术及应用研究所 Sensitive data based on label tracks source tracing method
CN111241099A (en) * 2020-01-09 2020-06-05 佛山科学技术学院 Industrial big data storage method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050097149A1 (en) * 2003-11-05 2005-05-05 Lumigent Technologies, Inc. Data audit system
US20110178986A1 (en) * 2005-11-28 2011-07-21 Commvault Systems, Inc. Systems and methods for classifying and transferring information in a storage network
US20170076057A1 (en) * 2014-03-06 2017-03-16 David Burton Mobile data management system
CN109388642A (en) * 2018-10-23 2019-02-26 北京计算机技术及应用研究所 Sensitive data based on label tracks source tracing method
CN111241099A (en) * 2020-01-09 2020-06-05 佛山科学技术学院 Industrial big data storage method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116192529A (en) * 2023-03-10 2023-05-30 广东堡塔安全技术有限公司 Third party server safety management system
CN116192529B (en) * 2023-03-10 2023-09-29 广东堡塔安全技术有限公司 Third party server safety management system

Similar Documents

Publication Publication Date Title
Swanson et al. Generally accepted principles and practices for securing information technology systems
US8868728B2 (en) Systems and methods for detecting and investigating insider fraud
US8769412B2 (en) Method and apparatus for risk visualization and remediation
US20060123101A1 (en) Application instrumentation and monitoring
US20120224057A1 (en) Situational intelligence
Bishop et al. A risk management approach to the “insider threat”
Clinch ITIL V3 and information security
CN113516337A (en) Method and device for monitoring data security operation
WO2023277846A1 (en) A security system
Gupta et al. Cyber security assessment education for E-governance systems
KR20200071811A (en) Security Service system based on cloud
IBRAHIM Cybersecurity: Panorama and Implementation in 2021
Bertone et al. Integrated cyber-physical security approach for healthcare sector
Huth et al. Components and considerations in building an insider threat program
Trzeciak et al. A Framework to Effectively Develop Insider Threat Controls
Yaokumah et al. Exploring the Impact of Security Policy on Compliance
Miloslavskaya et al. Information visualisation in information security management for enterprises’s information infrastructure
Pfleeger et al. Harmonizing privacy with security principles and practices
Bańka et al. Practical Methods of Implementation for the Indispensable Mechanism of GDPR Compliance
Board Criminal Justice Information Services (CJIS) Security Policy
Evina et al. Attacks Scenarios in a Correlated Anomalies Context: Case of Medical System Database Application.
Poniszewska-Marańda et al. Security Intelligence for Real-Time Security Monitoring Software
Matulevičius et al. Security Requirements
Caldarulo et al. Oversharing: The downside of data sharing in local government
Callahan Security information and event management tools and insider threat detection

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22833814

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE