Method to increase productivity and confiability in manual Security Health Checks execution

IP.com Disclosure Number: IPCOM000217629D
Publication Date: 2012-May-09
Document File: 4 page(s) / 66K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a lightweight tool that can be used out-of-the-box with minimum configuration to perform automated, massive security health checking and compliance testing of computer systems.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Computer systems and service providers are contractually obligated under Security Administration Services to maintain security controls. This has to be supported by a recent Security Verification of the System. Providers must develop, maintain, and implement processes and procedures for evaluating Informatics Security.

When the Security Verification of the System is manually performed, as the number of tested servers grows, so does the possibility of human error. For example, upon completion of the manual verification by an administrator, a mistake could be made in the process of transferring the actual information to the document for delivery; the information could be inaccurate or out of date.

The time to deliver this information can also be compromised by failures of the actual tools, the most common failure being Agent Down. This affects the delivery date and can lead to a failure to meet the contractual obligations.

Generating a new Security Policy for a new client consists of extracting the actual configuration and parameters from the client infrastructure. This activity evaluates all sections of the most recent Security Policy (Information Security Controls, or ISeC) and, depending on the infrastructure, involves several resources to perform it manually and extract the information needed. Often, manual performance is necessary due to the lack of access to the servers and automated tools.

Disclosed is a new method to help automate the manual Security Verification of Systems, called the Sinapsis Method. This method decreases the time needed to perform the verification and provides a medium for the information to travel securely from beginning to end, increasing the reliability of the information extracted and keeping the Security Verifications up to date. The Sinapsis Method offers a system to increase the number of Security Verifications without compromising the reliability of the information, while decreasing the time of execution and increasing productivity.

The Sinapsis Method offers the possibility to create full compliance testing from the policies and a medium to extract the information from several systems to a collector, without altering the configuration of those systems. This method involves the use of a command language (i.e., workflow language) to generate a template based on a security policy. This template provides the evidence and tests the compliance of the system for which Sinapsis is the method used to automate security health checks.
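The template-driven idea described above, sketched as an added example that is not Sinapsis code or its command language: a policy-derived template is evaluated against read-only copies of configuration files held by a collector, and each verdict keeps the line that serves as evidence. The template format, check IDs, host names and file contents are constructed assumptions.

```python
import re

# Hypothetical template derived from a security policy: each entry names the
# collected file, the setting to extract, and the rule the value must satisfy.
TEMPLATE = [
    {"id": "AUTH-01", "file": "sshd_config", "key": "PermitRootLogin",
     "rule": lambda v: v == "no", "expect": "no"},
    {"id": "AUTH-02", "file": "login.defs", "key": "PASS_MAX_DAYS",
     "rule": lambda v: v.isdigit() and int(v) <= 90, "expect": "<= 90"},
    {"id": "AUTH-03", "file": "login.defs", "key": "PASS_MIN_LEN",
     "rule": lambda v: v.isdigit() and int(v) >= 8, "expect": ">= 8"},
]

# Constructed sample data: read-only copies of config files as a collector
# might hold them, keyed by host then file name.
COLLECTED = {
    "srv-a": {"sshd_config": "# managed\nPermitRootLogin no\n",
              "login.defs": "PASS_MAX_DAYS 90\nPASS_MIN_LEN 8\n"},
    "srv-b": {"sshd_config": "#PermitRootLogin no\nPermitRootLogin yes\n",
              "login.defs": "PASS_MAX_DAYS\t99999\n"},
}

def find_setting(text, key):
    """Return (line_number, value) of the first active 'key value' line, else None."""
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*%s\s+(\S+)" % re.escape(key), line)
        if m:  # commented-out lines never match because '#' precedes the key
            return n, m.group(1)
    return None

def run_checks(template, collected):
    """Evaluate every template entry on every host; keep the evidence with the verdict."""
    report = []
    for host, files in sorted(collected.items()):
        for check in template:
            hit = find_setting(files.get(check["file"], ""), check["key"])
            if hit is None:
                status, evidence = "MISSING", "%s: %s not set" % (check["file"], check["key"])
            else:
                status = "PASS" if check["rule"](hit[1]) else "FAIL"
                evidence = "%s:%d %s=%s (expected %s)" % (
                    check["file"], hit[0], check["key"], hit[1], check["expect"])
            report.append({"host": host, "id": check["id"], "status": status, "evidence": evidence})
    return report

if __name__ == "__main__":
    for row in run_checks(TEMPLATE, COLLECTED):
        print("{host} {id} {status:7} {evidence}".format(**row))
```

A setting that is absent is reported as MISSING rather than PASS, so a host whose file was never collected cannot silently appear compliant.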

Sinapsis is a lightweight tool that uses the following main elements to work:

• Configuration File
• Report Templates
• Libraries (e.g., Security Policy, Software Inventory, Performance Reports, Error Logging)
• Database for crede...