Traitement en cours

Veuillez attendre...

Paramétrages

Paramétrages

Aller à Demande

1. WO2020018141 - DÉTECTION D'ANOMALIES CONCERNANT DE MULTIPLES FICHIERS BASÉE SUR DES COMPTAGES DE VIOLATION

Note: Texte fondé sur des processus automatiques de reconnaissance optique de caractères. Seule la version PDF a une valeur juridique

[ EN ]

WHAT IS CLAIMED IS:

1. A system for protecting sensitive data, the system comprising:

one or more processors; and

a memory storing instructions that, when executed by the one or more processors, cause the system to perform:

obtaining file classification information for a set of files, the file classification information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and

determining a violation of an access control policy based on the file classification information.

2. The system of claim 1, wherein determining the violation of the access control policy based on the file classification information includes:

determining a risk parameter based on (1) the number of classified files within the set of files, (2) the number of classification categories associated with the classified files, (3) the number of unauthorized classified files that do not match the access privilege of the user, and (4) the number of unauthorized classification categories associated with the unauthorized classified files; and

determining the violation of the access control policy based on the risk parameter exceeding a risk parameter threshold.

3. The system of claim 1, wherein determining the violation of the access control policy based on the file classification information includes:

determining the violation of the access control policy based on the number of unauthorized classified files that do not match the access privilege of the user exceeding an unauthorized classified files threshold.

4. The system of claim 1, wherein determining the violation of the access control policy based on the file classification information includes:

7?

determining the violation of the access control policy based on the number of unauthorized classification categories associated with the unauthorized classified files exceeding an unauthorized classification categories threshold

5. The system of claim 1, wherein the set of files is stored in an electronic storage of a computing device, and at least a portion of the file classification information for the set of files is determined by a discovery agent running on the computing device.

6. The system of claim 5, wherein the discovery- agent determines at least the portion of the file classification information based on (1) a determination of the classification categories associated with the classified files, and (2) the access privilege of the user.

7. The system of claim 1, wherein a prevention analysis of the classified files is performed based on the determination of the violation of the access control policy.

8. The system of claim 7, wherein a post-leak analysis of the classifi ed files is performed based on the determination of the violation of the access control policy.

9. A method for protecting sensitive data, the method comprising:

obtaining file classification information for a set of files, the file classification information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and

determining a violation of an access control policy based on the file classification information.

10. The method of claim 9, wiierein determining the violation of the access control policy based on the file classification information includes:

determining a risk parameter based on (1) the number of classified files within the set of files, (2) the number of classification categories associated with the classified files, (3) the number of unauthorized classified files that do not match the access privilege of the user, and (4) the number of unauthorized classification categories associated with the unauthorized classified files, and

determining the violation of the access control policy based on the risk parameter exceeding a risk parameter threshold.

11. The method of claim 9, wherein determining the violation of the access control policy based on the file classification information includes:

determining the violation of the access control policy based on the number of unauthorized classified files that do not match the access privilege of the user exceeding an unauthorized classified files threshold.

12. The method of claim 9, wherein determining the violation of the access control policy based on the file classification information includes:

determining the violation of the access control policy based on the number of unauthorized classification categories associated with the unauthorized classified files exceeding an unauthorized classification categories threshold.

13. The method of claim 9, wherein the set of files is stored in an electronic storage of a computing device, and at least a portion of the file classification information for the set of files is determined by a discovery agent running on the computing device.

14. The method of claim 13, wherein the discover}- agent determines at least the portion of the file classifi cation information based on (1) a determination of the classification categories associated with the classified files, and (2) the access privilege of the user.

15. The method of claim 9, wherein a prevention analysis of the classified files is performed based on the determination of the violation of the access control policy.

16. The method of claim 15, wherein a post-leak analysis of the classified files is performed based on the determination of the violation of the access control policy.

17. A non-transitory computer-readable medium for protecting sensitive data, the non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform:

obtaining file classification information for a set of files, the file classifi cation information defining (1) a number of classified files within the set of files, (2) a number of classification categories associated with the classified files, (3) a number of unauthorized classified files that do not match an access privilege of a user, and (4) a number of unauthorized classification categories associated with the unauthorized classified files; and

determining a violation of an access control policy based on the file cl as si ft cat! on inform ati on .

18. The non-transitory computer-readable medium of claim 17, wherein determining the violation of the access control policy based on the file classification information includes:

determining a risk parameter based on (1) the number of classified files within the set of files, (2) the number of classification categories associated with the classified files, (3) the number of unauthorized classified files that do not match the access privilege of the user, and (4) the number of unauthorized classification categories associated with the unauthorized classified files, and

determining the violation of the access control policy based on the risk parameter exceeding a risk parameter threshold.

19. The non-transitory computer-readable medium of claim 17, wherein determining the violation of the access control policy based on the file classification information includes:

determining the violation of the access control policy based on the number of unauthorized classified files that do not match the access privilege of the user exceeding an unauthorized classified files threshold.

75

20. The non-transitory computer-readable medium of claim 17, wherein determining the violation of the access control policy based on the file classification information includes:

determining the violation of the access control policy based on the number of unauthorized classification categories associated with the unauthorized classified files exceeding an unauthorized classification categories threshold.