1. Field of the Invention
This invention pertains in general to computer security, and more specifically to measuring security risk posed by and applying security policy changes for individual network users and groups of users.
2. Description of the Related Art
Security policies applied to various computer systems typically define what it means for the systems to be secure. Most commonly, security policies are applied specifically to devices and machines, defining various security requirements or constraints for those devices/machines. Security policies generally define the constraints placed on functions of a machine, on access to the machine by external systems, and so forth. Further, security audits, or systematic reviews of security policies for a system, typically focus on machine attributes, such as security software configuration and virus definition versions.
Though security policies tend to be applied to the machine/device, infection risk is often more closely related to user behavior than to machine/device deployment. Users can take a variety of different actions on a machine or device that weaken its security or open the system up to security risks. For example, users can access websites that have bad reputations or are known to be risky, click on links or open email attachments from unknown or suspicious users, click on spam messages, use weak passwords, download untrustworthy software, ignore security warnings, etc. Yet, current security audit and remediation mechanisms generally do not factor user behavior into risk assessments or consider user behavior in how remediation is employed.
Due to an ongoing lack of resources, system administrators are under increasing pressure to deliver better security with fewer staff. Because of this, administrators would prefer to invest more time in proactive steps that could prevent problems before they occur rather than in costly reactive measures. Despite the fact that many security threats today are directly related to user behavior, current security mechanisms are focused primarily on machines/devices. As a result, they fail to pull together information about risky user behaviors that would help administrators take proactive steps to remediate these risks. There is currently no solution available to system administrators that measures the security risk of users based on user behaviors across devices. Further, there is no mechanism for measuring security risks of groups of users associated with an organization.
Therefore, there is a need in the art for a solution that measures the security risk posed by behaviors of individual users and groups of users, and adjusts security policies based on these risks.