1. Technical Field
The present invention is directed to an improved data processing system. More specifically, the present invention relates to a method, apparatus, and computer instructions for providing a current and complete security compliance view of an entire enterprise system for analysis of risks to business operations.
2. Description of Related Art
Businesses need a simplified way to ascertain their security posture across the enterprise. The security posture of an organization is usually seen as compliance with internal security policies, procedures, and measures. To assess and measure an organization's security compliance, data is collected from various measurement sources, which are typically housed in different repositories and databases. This collected data is usually created, analyzed, viewed, and interpreted by various security teams and administrators for possible actions, workflows, or reports. Senior management is then informed of the organization's security posture based on the generated reports. However, much time, money, and energy is expended to generate and interpret this data. Additionally, this data collecting, analyzing, and reporting process is usually repeated on a daily, weekly, quarterly, semi-annual, and annual basis. This repeated process costs most organizations a great deal of time, money, and effort to perform. Furthermore, the information that flows to management is subject to interpretation, usually does not provide a true enterprise security posture, and is rarely timely.
FIG. 1A shows a known simple network that houses information. In particular, FIG. 1A illustrates how access to various enterprise components is currently granted and how security compliance is measured. Security practices are typically grouped into categories that measure compliance against physical, network, and logical controls. It should be noted that a key is required for each access step shown in FIG. 1A. In addition, as each access granted leaves a footprint, a historical log of the access activity is created and forms part of the data used to perform security health checking. Current device configuration data is also used in security health checking and assessments.
As shown in FIG. 1A, physical access is first granted to an individual, wherein the access is granted per identity (step 102). Network access is then granted for devices, the access granted per hardware address (step 104). Next, network access is granted for devices, the access granted per IP address and ports (step 106). Finally, logical access to the system's applications and operating systems is granted for individuals or machines, the access granted per userID and password (step 108).
Typically, the gathered measurement data for each security practices category in FIG. 1A is further divided into regional, sectional, or departmental domains, as shown in FIG. 1B. For example, a security practices category in enterprise 110 is divided into two or more regions, such as region A 112 and region B 114. A region may also be separated into multiple departments, such as department A 116 and department B 118. Each department may be further divided into separate domains, such as network infrastructure 120 and servers/applications 122. As a great deal of human effort is already needed to run scripts and tools, await the output, analyze the data, and then provide reports to management, further effort is expended to provide the piecemeal enterprise-wide compliance posture illustrated in FIG. 1B.
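As an added example that is not part of the patent, the following Python rolls up per-category check results from the FIG. 1B leaf domains through departments and regions to the enterprise, and points at the leaf domain that lowers the overall figure most. The node names follow FIG. 1B and the control categories follow FIG. 1A; the check counts are constructed values.

```python
from dataclasses import dataclass, field
CATEGORIES = ("physical", "network", "logical")  # control categories named in FIG. 1A

@dataclass
class Node:
    """A node of the FIG. 1B hierarchy; only leaf domains carry measurements."""
    name: str
    checks: dict = field(default_factory=dict)   # category -> (passed checks, total checks)
    children: list = field(default_factory=list)

def rollup(node):
    """Sum (passed, total) per category over this node and all of its descendants."""
    totals = {c: [0, 0] for c in CATEGORIES}
    for measured in [node.checks] + [rollup(child) for child in node.children]:
        for cat, (passed, total) in measured.items():
            totals[cat][0] += passed
            totals[cat][1] += total
    return {c: (p, t) for c, (p, t) in totals.items()}

def compliance_pct(node):
    """Overall compliance of a node in percent, or None when nothing was measured."""
    passed = sum(p for p, _ in rollup(node).values())
    total = sum(t for _, t in rollup(node).values())
    return round(100.0 * passed / total, 1) if total else None

def weakest_leaf(node, path=()):
    """Leaf domain with the lowest compliance as (path, percent); unmeasured leaves rank worst."""
    path += (node.name,)
    if not node.children:
        return path, compliance_pct(node)
    return min((weakest_leaf(c, path) for c in node.children),
               key=lambda r: -1.0 if r[1] is None else r[1])

def leaf(name, physical, network, logical):
    return Node(name, {"physical": physical, "network": network, "logical": logical})

# Constructed sample measurements (hypothetical values) laid out along the FIG. 1B hierarchy.
ENTERPRISE = Node("enterprise 110", children=[
    Node("region A 112", children=[
        Node("department A 116", children=[
            leaf("network infrastructure 120", (9, 10), (41, 50), (18, 20)),
            leaf("servers/applications 122", (10, 10), (30, 30), (24, 40))]),
        Node("department B 118", children=[
            leaf("network infrastructure 120", (7, 10), (45, 50), (20, 20))])]),
    Node("region B 114", children=[
        Node("department A 116", children=[
            leaf("servers/applications 122", (10, 10), (20, 40), (30, 30))])])])

if __name__ == "__main__":
    print(compliance_pct(ENTERPRISE), weakest_leaf(ENTERPRISE))
```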
Presently, there is no consolidated real-time method to gain an enterprise-wide view of the security posture of an organization. Many organizations depend on security compliance checklists, self-assessment databases, audits, and multivendor security assessment tools. However, this data is usually in the form of snapshot or historical data that at best shows the near-current security compliance posture of a subset of vendor devices and of the various parts of the enterprise. Also, the data conveys neither enterprise security readiness nor a synopsis of the impending impact on operations of various threats and vulnerabilities if exploited.
In addition, key security, business control, and executive personnel must depend on security information collected by humans and vendor tools to determine the compliance posture of their enterprise. As this collected security information, in the form of varied documents, device output files, and assessment tool reports, is reviewed and analyzed to convey a departmental, organizational, and enterprise-wide security posture, the historical data is subject to various human interpretations.
Therefore, it would be advantageous to have a mechanism that provides the ability for security, technical, executive, and business control personnel to gain a real-time security posture and security compliance view of the enterprise and to assess the risk impact of known threats and attacks to continued business operations at various levels.