1. Field of the Invention
The Present Invention relates in general to networked computing systems, and, more particularly, to a system for maintaining network security policy compliance.
2. Description of the Related Art
Electronic networks, such as the Internet and various business computer networks, allow business organizations to store applications and information on central servers, where they can be called up and manipulated from any location. These networks allow people greater access to files and other confidential information. Global networks, such as the Internet, coupled with the ability of remote access, increase (1) the vulnerability of corporate data, (2) the risk of information leaks, (3) the risk of unauthorized document access and the disclosure of confidential information, (4) fraud and (5) attacks on privacy.
Ironically, in some instances, employees are the greatest threat to an organization's information security. Employees with access to information resources including electronic mail (“email”), the Internet and on-line networks significantly increase the security risks.
In many situations, employees are using email for personal purposes, creating questions of appropriate use of company resources, workplace productivity and appropriateness of message content. One of the greatest sources of information leaks is employee-sent email. With electronic communication and networks, an electronic paper trail is harder to establish: when there is no record of who accessed, altered, tampered with, reviewed or copied a file, it can be very difficult to determine a document's authenticity and to provide an audit and paper trail. In addition, there is no automated system to centrally collect, analyze, measure, index, organize, track, determine authorized and unauthorized file access and disclosure, link hard copy information with electronic files including email, and report on how information flows in and out of an organization.
Setting proper use and security policies is a generally-accepted method of creating order and setting standards for network use in the workplace. These policies are, nevertheless, ineffective unless users understand and comply with them. Unfortunately, most organizations do not have tangible proof of when, and if, a network-based policy violation has occurred until long after the damage has been done. Due to the technical nature of network policy violations, policy enforcement officers may not have adequate knowledge, skill and evidence to properly pursue a policy violation claim. Cases of selective policy enforcement can occur if policy violations are not consistently reported, filed, investigated and resolved.
Employees often view email as equivalent to a private conversation. However, this view often does not reflect the official position of the organization, or of generally-accepted societal norms. Sometimes, these email communications reflect preliminary thoughts or ideas that have not been reviewed by the organization and typically only reflect the personal opinion of the parties involved. Yet, since employees of the organization create these communications, courts and regulatory agencies have concluded that employee communications can reflect the organization's view.
Previous attempts have been made to develop a network policy management system in the workplace. Unfortunately, each previous attempt has failed to develop an effective network policy management system in the workplace.
For example, U.S. Pat. No. 5,355,474 to Thuraisagham et al., titled “System For Multilevel Secure Database Management Using A Knowledge Base With Release-Based And Other Security Constraints For Query, Response And Update Modification,” describes an integrated architecture apparatus for an extended multilevel secure database management system. In Thuraisagham, the multilevel secure database management system processes security constraints to control certain unauthorized inferences made through logical deduction upon queries by users, and is invoked when the database is queried through the database management system, when the database is updated through the database management system and when the database is designed using a database design tool. Thuraisagham is not intended to ensure optimal policy compliance and effectiveness. Further, it does not analyze the network security policy compliance actions undertaken in order to determine ineffectual policies to modify and then automatically implement a different network security policy. Rather, Thuraisagham is a secure database management system that processes security constraints (rules that assign security levels to data) to control certain unauthorized inferences through logical deduction upon queries by users, and is invoked when the database management system is updated.
Second, U.S. Pat. No. 5,440,744 to Jacobson et al., titled “Methods And Apparatus For Implementing Server Functions In A Distributed Heterogeneous Environment,” describes how, in distributed heterogeneous data processing networks, dispatcher and control server software components execute the code of a single application, or portions of the code of one or more applications, in response to a method object (which includes a reference to the code to be executed) received from a client application. Although Jacobson provides an efficient and simple manner for an application on one platform to be invoked by an application on the same or a different platform, like Thuraisagham, Jacobson is not intended to ensure optimal policy compliance and effectiveness. Further, it does not analyze the network security policy compliance actions undertaken in order to determine ineffectual policies to modify and then automatically implement a different network security policy.
Third, U.S. Pat. No. 5,621,889 to Lemuzeaux et al., titled “Facility For Detecting Intruders And Suspect Callers In A Computer Installation And A Security System Including Such A Facility,” describes a facility for detecting intrusions and suspect users in a computer installation, and a security system incorporating such a facility, that makes use of surveillance data relating to the operation of the installation. The facility includes elements for modeling the computer installation, its users and their respective behavior with the help of a semantic network; elements for comparing the “modelized” behavior of the system and of its users relative to modelized normal behavior; elements for interpreting observed anomalies in terms of intrusions and intrusion hypotheses; and elements for interpreting observed intrusion hypotheses and intrusions in order to indicate them and enable restraint actions to be prepared. Elements are provided to evaluate the degree of suspicion of users. The elements cooperate with one another for the purpose of providing information. Lemuzeaux is intended to detect network security intrusions. The expert system serves to check the behavior of the computer installation and its users in such a manner as to determine whether said behavior complies with the behavior and security rules already established.
Fourth, U.S. Pat. No. 5,797,128 to Birnbaum, titled “System And Method For Implementing A Hierarchical Policy For Computer System Administration,” describes a system and method for implementing a hierarchical policy for computer system administration which is extremely flexible in assigning policies to managed objects. Policies are defined to be rules for the values of the attributes of managed objects. Policy groups comprise the basic building blocks, and they associate a set of policies with a set of managed objects. Policy groups can also be members of other policy groups, and a policy group inherits the policies of its parent policy groups, supporting the hierarchical specification of policy. A given policy group may have multiple parents, which allows the “mix-in” of policies from the parents. Cloning and templates, in conjunction with validation policies and policy groups, provide standardization and a concomitant reduction in system administration complexity. Birnbaum, essentially, is a system and method for implementing a hierarchical policy for computer system administration that is flexible in assigning policies to managed objects. Birnbaum requires system administrators to define policies by specifying expressions that describe the constraints for the attributes of a class of managed objects. Like Lemuzeaux, Birnbaum does not automatically undertake actions to bring the network into compliance. Nor does it analyze the network security policy compliance actions undertaken in order to determine ineffectual policies to modify and then automatically implement a different network security policy.
Finally, U.S. Pat. No. 6,070,244 to Orchier, entitled “Computer Network Security Management System,” describes a method and system for controlling computer security. The system is a centralized, computer-network security management tool capable of handling many different kinds of equipment in a standardized format, despite differences in the computer security features among the diverse range of computer equipment in the computer network. The invention uses a layered software architecture, including a technology specific layer and a technology independent layer. The technology specific layer serves to extract and maintain security data on target platforms and to convert data to and from a common data model used by the technology independent layer. The technology independent layer handles the main functionality of the system, such as locating and removing certain present and former employees from computer access lists, auditing system user data, monitoring security events (e.g., failed login attempts), automatically initiating corrective action, interfacing with the system users, reporting, and querying and storing collected data. Orchier automatically takes actions and changes system parameters to meet an established policy. However, the invention does not take the step of analyzing the network security policy compliance actions undertaken in order to determine ineffectual policies to modify and then automatically implement a different network security policy.
The disclosures of each of the aforementioned references are herein incorporated into the Specification of the Present Invention in their entireties.
Due to the above-referenced disadvantages, there is a need for network communications software programs that offer robust policy compliance assistance, policy effectiveness monitoring and reporting. Further, there is also a need for an automated system to assist policy enforcement officers with proper policy enforcement procedure, and for methods to measure policy effectiveness, appropriateness, user system activity and compliance.