1. Field of the Invention
The present invention relates generally to an improved data processing system, in particular, to a computer implemented method, data processing system, and computer usable program product for optimizing performance in a data processing system. Still more particularly, the present invention provides a computer implemented method, data processing system, and computer usable program product for adaptive identity analysis, behavioral comparison, compliance, and application protection using usage information.
2. Description of the Related Art
Many organizations are faced with significant challenges to protect sensitive information from being stolen or accessed for inappropriate reasons. As the capture and retention of data increases at an accelerating pace, challenges such as identity theft, data misuse and the sale of sensitive data increases as well.
The current approach used by most organizations to protect sensitive data is by using identity identification. Security software confirms that the user attempting to access a computer application and/or data is validated to be who they claim to be. The validation is done by using user identity numbers/passwords, biometrics (such as a fingerprint scan), or secure cards. This approach validates the identity of the user requesting access. However, the current approach does not validate that the actual use of the data or application is valid.
As reported by the mass media, companies that sell demographic data have had sensitive data stolen by validated users. For example, a user requests and receives validation to obtain data based upon the user's claim to be a private investigator. Once access has been granted, the user accesses the data processing system and requests sensitive data, such as date of birth and social security number. A security method that uses a user identity number/password or a fingerprint scan confirms that the user is the person accessing the application. Once validated, the user is given access to the data processing system, whereby the user may access the data or applications in an invalid manner.