Browse Prior Art Database

Security Exposure Remediation by Notification

IP.com Disclosure Number: IPCOM000236601D
Publication Date: 2014-May-05
Document File: 2 page(s) / 25K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method for remediating security problems by automatic notifications is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 2

Security Exposure Remediation by Notification

Disclosed is a method for remediating security problems by automatic notifications.

In some industries, computer systems must comply with specific security requirements. For example the Payment Card Industry or Health Care Industry have compliance requirements around operating system hardening and security configuration settings. When a system's configuration changes which causes compliance violation to the required system security configuration, the current issue faced by the Security Officers (SOs) is as follows:


1) Systems out of compliance which creates security and business exposure to companies
2) No visibility of this non compliance to the business or SO
3) No ability to immediately fix unknown security and compliance issues.

The problem is the lack of visibility and real time notification available to the SO. When the system configurations or system policies are not compliant, there is no real-time prescribed method to remediate.

Disclosed is a method to remediate this problem that is secure against mis-configurations, accidental remediation, and missed alerts.

The disclosed method is to automatically and in real time detect untrusted states and security policy non-compliance within computer systems and then provide this information to a smart mobile device for notification and remediation.

The operating system (OS) is updated with a default security verification is incorporated into the OS. Changes that affect...